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(54) INFORMATION PROCESSOR AND METHODLICENSE SERVERAND 
PROGRAM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To freely distribute contents and allow only 
authorized users to utilize the contents. 

SOLUTION: A client receives an encrypted content from a content server. The 
header of the content includes license-identifying information for identifying a 
license required in utilization of the content. The client requests a license server 
to transmit a license identified by the license-identifying information. When 
receiving the request for a licensethe license server carries out a charging 
process before transmitting the license to the client. The client can decode and 
play back the content on the condition of possessing the license. 



CLAIMS 



[Claim(s)] 

[Claim l]An information processor comprising: 



Licenses specific information for specifying said license which carries out the 
utilization permission of the contents concerned in an information processor which 
permits use of contents on condition that a license is held. 
Enciphered contents data. 

A content storing means which memorizes said contents including key information 
required in order to decode contents data. 

A license memory measure which memorizes a license containing contents 
specific information for specifying said contents by which a utilization permission 
is carried outA judging means which judges whether a license which can carry out 
the utilization permission of said contents is memorized by said license memory 
measureand a decoding means which decodes contents data of said contents on 
condition that it was judged that a license was memorized by said judging means. 

[Claim 2]The information processor according to claim 1 which is provided with the 
following and characterized by a license received by said reception means being 
memorized by said license memory measure. 

A transmitting means which transmits a license request containing license 
identification information for said information processor to identify a license to a 
license server further. 

A reception means which receives a license transmitted by license server. 

[Claim 3]The information processor according to claim 1 wherein said contents 
data is further provided with a reproduction means which reproduces contents 
data which is the data which combined text dataimage datavoice dataa video 
dataor themand was decoded by said decoding means. 

[Claim 4]Said key information contains EKB (Enabling Key Block)Said information 
processor is provided with a device node key memory measure which memorizes a 
device node key furtherSaid decoding means said EKB (Enabling Key Block) using 
a route key by which decoding processing might be carried out using said device 
node key memorized by said device node key memory measure said enciphered 
contents data. The decoding information processor according to claim 1. 
[Claim {i]Said key information contains a contents key further enciphered by route 
key of said EKB (Enabling Key Block)Said contents data is enciphered by said 
contents keySaid decoding means said contents key decoded using a route key by 
which decoding processing might be carried out in said EKB (Enabling Key Block) 
using said device node key memorized by said device node key memory measure. 
The information processor according to claim 4 using and decoding said 
enciphered contents data. 

[Claim Ci]The information processor according to claim 1 wherein said license 
includes: service-condition information which shows further a service condition of 
contents which become available according to the license concerned. 
[Claim 7]The information processor according to claim 1 wherein said license 
includes further an electronic signature made with a secret key of a license server. 
[Claim EQSaid information processor is provided with a terminal-identification- 



information memory measure which memorizes terminal identification information 
which identifies an information processor furtherSaid license request includes 
further said terminal identification information memorized by terminal- 
identification-information memory measureFurther said license received by said 
reception means including said terminal identification information said judging 
meansSaid terminal identification information included in said license is compared 
with said terminal identification information memorized by said terminal- 
identification-information memory measureThe information processor according to 
claim 2 restricting when both are in agreementand judging that the license 
concerned is a license to which use of said contents is permissible. 
[Claim 9]An information processing method with which use of contents is 
permitted on condition that a license characterized by comprising the following is 
held. 

License specific information for specifying said license which carries out the 
utilization permission of the contents concerned. 

Key information required in order to decode enciphered contents data and 
contents data. 

[Claim 10]A program which makes a computer perform processing to which use of 
contents is permitted on condition that a license characterized by comprising the 
following is held. 

License specific information for specifying said license which carries out the 
utilization permission of the contents concerned. 

Key information required in order to decode enciphered contents data and 
contents data. 

[Claim 1 1]The program according to claim 10wherein said program or its part is 
enciphered. 

[Claim I2]A license server which publishes a license to which use of contents is 
permittodcomprising: 

Contents specific information for specifying said contents a utilization permission 
is carried out by the license concerned of. 

A reception means which receives a license request containing license 
identification information which was transmitted from a license memory measure 
which memorizes said license including terminal identification information which 
identifies an information processorand an information processorand which 
identifies a license. 

An extraction means to extract said license corresponding to said license 
identification information contained in said license request from said license 
memory measure. 

A processing means to add said terminal identification information to said license 
extracted by said extraction means. 

A signature means which adds an electronic signature to a license to which 
terminal identification information was added by said processing means using a 



secret key of a license server. 

A transmitting means which transmits a license signed by said signature means to 
an information processor which transmitted said license request. 

[Claim 13]An information processing method which publishes a license to which 
use of contents is permittedcomprising: 

Contents specific information for specifying said contents a utilization permission 
is carried out by the license concerned of. 

A step which memorizes said license including terminal identification information 
which identifies an information processor. 

A step which receives a license request containing license identification 
information which was transmitted from an information processorand which 
identifies a license. 

A step which extracts said license corresponding to said license identification 
information contained in said license request from said license memory measureA 
step which adds said terminal identification information to said license extracted 
by said extraction meansA step which adds an electronic signature to a license to 
which terminal identification information was added by said processing means 
using a secret key of a license serverand a step which transmits a license signed 
by said signature means to an information processor which transmitted said 
license request. 

[Claim 14]Contents specific information for being a program which makes a 
computer perform processing processing which publishes a license to which use of 
contents is permittedand specifying said contents a utilization permission is 
carried out by the license concerned ofA step which memorizes said license 
including terminal identification information which identifies an information 
processorA step which receives a license request containing license identification 
information which was transmitted from an information processorand which 
identifies a licenseA step which extracts said license corresponding to said license 
identification information contained in said license request from said license 
memory measureA step which adds said terminal identification information to said 
license extracted by said extraction meansA step which adds an electronic 
signature to a license to which terminal identification information was added by 
said processing means using a secret key of a license serverA program which 
makes a computer perform a step which transmits a license signed by said 
signature means to an information processor which transmitted said license 
request. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 



[Field of the Invention]This invention about an information processor and a 
methoda license serverand a programThe contents which have not been licensed 
in particular from an owner of a copyright are copied unjustlyand are related with 
the information processor and the methodlicense serverand program which 
enabled it to prevent being used. 
[0002] 

[Description of the Prior Art]These daysas a user provides other users with the 
music data which he holds via the Internet and offers are received for the music 
data which he does not hold from other usersthe system where two or more users 
exchange music data for nothing and which they suit is realized. 
[0003]I1 : the contents of one music and others exist theoreticallyin order that 
other users of all the may be enabled to use it and many users may not purchase 
contents in such a systemSince the owner of a copyright about contents cannot 
sell the contents as workshe will lose an opportunity to receive the loyalty about 
use of the works which can originally be received with sale of works. 
[0004] 

[Problem(s) to be Solved by the Invention]Thenit is requested socially that it 
should prevent being used unjustlywithout barring circulation of contents. 
[0005]This invention is made in view of such a situationand it enables it to prevent 
contents from being used unjustly certainly. 
[0006] 

[Means for Solving the Problem]License specific information for specifying a 
license required in order that an information processor of this invention may carry 
out the utilization permission of the contentsA content storing means which 
memorizes contents including enciphered contents data and key information 
required in order to decode contents dataA license memory measure which 
memorizes a license containing contents specific information for specifying 
contents by which a utilization permission is carried outA judging means which 
judges whether a license which can carry out the utilization permission of the 
contents is memorized by license memory measurelt has a decoding means which 
decodes contents data of contents on condition that it was judged that a license 
was memorized by a judging means. 

[0007]A transmitting means which transmits a license request containing license 
identification information for an information processor to identify a license to a 
license server furtherlt has a reception means which receives a license 
transmitted by license serverand a license received by a reception means can be 
memorized by license memory measure. 

[0008]Contents data is the data which combined text dataimage datavoice dataa 
video dataor themand can be further provided with a reproduction means which 
reproduces contents data decoded by decoding means. 

[0009]Key information contains EKB (Enabling Key Block)An information processor 
is provided with a device node key memory measure which memorizes a device 
node key furtherThe decoding means can decode contents data enciphered using 
a route key by which decoding processing might be carried out in EKB 



(EnablingKey Block) using a device node key memorized by device node key 
memory measure. 

[0010]Key information contains a contents key further enciphered by route key of 
EKB (Enabling Key Block)Contents data is enciphered by contents keyA decoding 
means contents data enciphered using a contents key decoded using a route key 
by which decoding processing might be carried out in EKB (Enabling Key Block) 
using a device node key memorized by device node key memory measure. It can 
decode. 

[001 1] T he license can include service-condition information which shows further a 
service condition of contents which become available according to the license. 
[0012]The license can include further an electronic signature made with a secret 
key of a license server. 

[0013]An information processor is provided with a terminal-identification- 
information memory measure which memorizes terminal identification information 
which identifies an information processor furtherFurther a license with which a 
license request was further received by a reception means including terminal 
identification information memorized by terminal-identification-information memory 
measure including terminal identification information a judging meansTerminal 
identification information included in a license is compared with terminal 
identification information memorized by terminal-identification-information memory 
measurewhen both are in agreements restrictsand it can judge that the license is 
a license to which use of contents is permissible. 

[0014]License specific information for an information processing method of this 
invention to specify a license which carries out the utilization permission of the 
contentsEnciphered contents data and key information required in order to decode 
contents dataA step which memorizes a step which memorizes ****** 
contentsand a license containing contents specific information for specifying 
content s by which a utilization permission is carried outA step which judges 
whether a license which can carry out the utilization permission of the contents is 
memorized by license memory measureA step which decodes contents data of 
contents on condition that it was judged that a license was memorized by a 
judging means is included. 

[0015]License specific information for a program of this invention to specify a 
license which carries out the utilization permission of the contentsEnciphered 
contents data and key information required in order to decode contents dataA 
step which memorizes a step which memorizes ****** contentsand a license 
containing contents specific information for specifying contents by which a 
utilization permission is carried outA step which judges whether a license which 
can carry out the utilization permission of the contents is memorized by license 
memory measureA computer is made to perform a step which decodes contents 
data of contents on condition that it was judged that a license was memorized by 
a judging means. 

[001 6]A program or its part can be enciphered. 

[0017]Since contents permitted are specifiedthis invention is characterized by a 



license server comprising the following. 
Contents specific information. 

A license memory measure which memorizes a license including terminal 
identification information which identifies an information processor. 
A reception means which receives a license request containing license 
identification information which was transmitted from an information processorand 
which identifies a license. 

An extraction means to extract a license corresponding to license identification 
information contained in a license request from a license memory measureA 
processing means to add terminal identification information to a license extracted 
by an extraction meansA signature means which adds an electronic signature to a 
license to which terminal identification information was added by a processing 
means jsing a secret key of a license serverand a transmitting means which 
transmits a license signed by a signature means to an information processor which 
transmitted a license request. 

[0018]Since contents by which a utilization permission is carried out are 
specifiedthis invention is characterized by an information processing method 
comprising the following. 
Contents specific information. 

A step which memorizes a license including terminal identification information 
which identifies an information processor. 

A step which receives a license request containing license identification 
information which was transmitted from an information processorand which 
identifies a license. 

A step which extracts a license corresponding to license identification information 
contained in a license request from a license memory measureA step which adds 
terminal identification information to a license extracted by an extraction meansA 
step which adds an electronic signature to a license to which terminal 
identification information was added by a processing means using a secret key of a 
license serverand a step which transmits a license signed by a signature means to 
an information processor which transmitted a license request. 

[0019]In an information processor of this inventionan information processing 
methodand a programon condition that a license is heldcontents are decodedand it 
is made available. 

[0020]In a license server of this inventionand an information processing methodan 

effective license is published only with a specific information processor. 

[0021] 

[Embodiment of the Invention] Drawing 1 shows the composition of the contents 
providing system which applied this invention. Client 1-11-2 (hereafterwhen these 
clients do not need to be distinguished separatelythe client 1 is only called) is 
connected to the Internet 2. In this examplealthough two clients are shownthe 
client of the arbitrary number is connected to the Internet 2. 



[0022]On the Internet 2. When the contents server 3 which provides contents to 
the client 1the license server 4 which gives a license required to use the contents 
which the contents server 3 provides to the client land the client 1 receive a 
licenseThe fee collection server 5 which performs accounting to the client 1 is 
connected. 

[0023]These contents servers 3the license server 4and the fee collection server 5 
are also connected to the arbitrary number and the Internet 2. 
[0024] Drawing 2 expresses the composition of the client 1. 
[0025]In drawing 2 CPU(CentralProcessing Unit) 21 Various kinds of processings 
are performed according to the program memorized by ROM(Read Only Memory) 
22 or the program loaded to RAM(Random Access Memory) 23 from the storage 
parts store 28. the timer 20 — a time check — it operates and time information is 
supplied to CPU21. To RAM23CPU21 performs various kinds of processings 
againand also required data etc. are memorized suitably. 

[0026]The encryption decoding part 24 performs processing which decodes the 
already enciphered contents data while enciphering contents data. The codec part 
25 encodes contents data by ATRAC(Adaptive Transform Acoustic Coding)3 
method etc.for examplelt is made to supply and record on the semiconductor 
memory 44 connected to the drive 30 via the input/output interface 32. Or the 
codec part 25 decodes the data which was read from the semiconductor memory 
44 via the drive 30 and which is encoded again. 

[0027]The semiconductor memory 44 is constituted by the memory stick 
(trademark) etc.for example. 

[0028]OPU21ROM22RAM23the encryption decoding part 24and the codec part 25 
are mutually connected via the bus 31. The input/output interface 32 is also 
connected to this bus 31 again. 

[0029]The input part 26CRT which become the input/output interface 32 from a 
keyboarda mouseetc.The communications department 29 which comprises the 
storage parts store 28a modema terminal adopteretc. which comprise the 
outputting part 27 which consists of a display which consists of LCD etc.a 
loudspeakeretc.a hard disketc. is connected. The communications department 29 
performs the communications processing through the Internet 2. The 
communications department 29 performs the communications processing of an 
analog signal or a digital signal among other clients again. 

[0030]The drive 30 is connected to the input/output interface 32 again if neededlt 
is suitably equipped with the magnetic disk 41 the optical disc 42the magneto- 
optical disc 43or the semiconductor memory 44and the computer program read 
from them is installed in the storage parts store 28 if needed. 

[0031] Although a graphic display is omittedthe contents server 3the license server 
4and the fee collection server 5 are also constituted by the client 1 shown in 
drawing 2and the computer which has the same composition fundamentally. Thenin 
the following explanationthe composition of drawing 2 is quoted also as 
compos ition of the contents server 3the license server 4the fee collection server 
5 etc. 



[0032]Nextwith reference to the flow chart of drawing 3 the client 1 explains the 
processing which receives offer of contents from the contents server 3. 
[0033]When a user orders it access to the contents server 3 by operating the 
input part 26CPU21 controls the communications department 29 and he makes it 
access the contents server 3 via the Internet 2 in Step S1. In Step S2a user 
operates the input part 26and if the contents which receive offer are 
specifiedCPU21 will receive this specification information and will notify the 
contents specified as the contents server 3 via the Internet 2 from the 
communications department 29. The contents server 3 which received this notice 
so that it may mention later with reference to the flow chart of drawing 4 Since the 
enciphered contents data is transmittedin Step S3 CPU21If this contents data is 
received via the communications department 29that contents data enciphered will 
be supplied and stored in the hard disk which constitutes the storage parts store 
28 in step S4. 

[0034]Nextwith reference to the flow chart of drawing 4 contents offer processing 
of the contents server 3 corresponding to the above processing of the client 1 is 
explained. In the following explanationthe composition of the client 1 of drawing 2 
is quoted also as composition of the contents server 3. 

[0035]In Step S21CPU21 of the contents server 3It stands by until it receives 
access from the Internet 2 from the client 1 via the communications department 
29and when it judges with having received accessit progresses to Step S22 and 
the information which specifies the contents transmitted from the client 1 is 
incorporated. The information which specifies these contents is information which 
the client 1 has notified in Step S2 of drawing 3 . 

[0036]In Step S23CPU21 of the contents server 3 reads the contents specified 
for the information incorporated by processing of Step S22 out of the contents 
data memorized by the storage parts store 28. CPU21 supplies the contents data 
read from the storage parts store 28 to the encryption decoding part 24and makes 
it encipher in Step S24 using the contents key Kc. 

[0037]Since the contents data memorized by the storage parts store 28 is already 
encoded by the codec part 25 with ATRAC3 methodthis contents data encoded 
will be enciphered. 

[0038]Of coursethe storage parts store 28 can be made to memorize contents 
data in the state where it enciphered beforehand. In this caseprocessing of Step 
S24 can be omitted. 

[0039]Mextin Step S25 CPU21 of the contents server 3Key information (EKB and 
k ekbc ( Kc ) which are later mentioned with reference to drawing 5 ) required to 
decode the contents enciphered by the header which constitutes the format which 
transmits the enciphered contents dataLicense ID for identifying a license required 
to use contents is added. And in Step S26 CPU21 of the contents server 3The 
data which formatted the key and the header which added license ID is 
transmitted to the accessed client 1 via the Internet 2 from the communications 
department 29 at the contents enciphered by processing of Step S24and 
processing of Step S25. 



[0040] Drawing 5 is carried out in this wayand expresses the composition of the 
format in case contents are supplied to the client 1 from the contents server 3. 
This format is constituted by header (Header) and the data (Data) as shown in the 
figure. 

[0041 ]In a headercontents information (Content information)Digital-rights- 
management information (DRM (Digital Right Management) information)license ID 
(License ID) and an INEBU ring key block (validation key blocks) (EKB 
(EnablingKey Block)) — andData K EKBC (Kc) as the contents key Kc enciphered 
using key K EKBC generated from EKB is arranged. EKB is later mentioned with 
reference to drawing 15 . 

[0042]Informationincluding the method etc. of the content ID (CID) as 
identification information for identifying the contents data by which formatting is 
carried out as dataand the codec of the contentsis included in contents 
information. 

[0043]The rule and state (Usagerules/status) which use contents for digital- 
rights— management: informationand URL (Uniform Resource Locator) are arranged. 
The reproduction frequency of contentscopy frequencyetc. are described by a use 
rule and the statefor example. 

[0044]URL is address information accessed when acquiring the license specified 
by license IDand is an address of the license server 4 specifically required in the 
case of the system of drawing 1 since it is licensed. License ID identifies the 
license needed when using the contents currently recorded as data. 
[0045]Data is constituted by arbitrary numbers of encryption blocks (Encryption 
Block). Each encryption block is constituted by an initial vector (IV (Initial 
Vector))the seed (Seed)and data E Kc (data) that enciphered contents data by key 
Kc. 

[0046] Key K'c is constituted by the value calculated to the hash function with the 
application of the value Seed set to the contents key Kc by random numbers as 
shown in a following formula. 

[0047]K'c=Hash(KcSeed)[0048]The initial vector IV and the seed Seed are set as 
a different value for every encryption block. 

[0049]The data of contents is classified per 8 bytes and this encryption is 
performed every 8 bytes. 8 bytes of latter encryption is performed in the CBC 
(Cipher Block Chaining) mode performed using the result of 8 bytes of encryption 
of the preceding paragraph. 

[0050]Since 8 bytes of encryption result of the preceding paragraph does not exist 
when enciphering 8 bytes of first contents data in the case of the CBC modewhen 
enciphering 8 bytes of first contents dataencryption is performed by making the 
initial vector IV into an initial value. 

[0051 ]By performing encryption by this CBC modeeven if one encryption block is 
decodedit is controlled that that influence attains to other encryption blocks. 
[0052]About this encryption drawing 46 is made reference and explained in full 
detail behind. 

[0053]About a cipher systemit does not restrict to this. 



[0054]The client 1 is no charge about the contents server 3 to contents as 
mentioned aboveand it can acquire freely. Thereforethe contents themselves 
become possible [ distributing] in large quantities. 

[0055]Howevereach client 1 needs to hold the licensewhen using the acquired 
contents. Thenwith reference to drawing 6 processing in case the client 1 
reproduces contents is explained. 

[0056]]n Step S41CPU21 of the client 1 acquires the identification information 
(CID) of the contents to which it pointed because a user operates the input part 
26. This identification information is constituted by the title of contentsthe number 
given for each [ which is memorized ] contents of everyetc.for example. 
[0057]And CPU21 will read license ID (ID of a license required to use the 
contents) corresponding to the contentsif contents are directed. This license ID is 
describ ed by the header of the contents data enciphered as shown in drawing 5 . 
[0058]Nextit is judged whether it progresses to Step S42and the license 
corresponding to license ID read at Step S41 is already acquired by the client 
land CPU21 is memorized by the storage parts store 28. When the license is not 
acquiredit progresses to Step S43 and CPU21 still performs license acquisition 
processing. The details of this license acquisition processing are later mentioned 
with reference to the flow chart of drawing 7 . 

[0059]When judged with the license already being acquired in Step S420r in Step 
S43as a result of performing license acquisition processingwhen a license is 
acquiredit progresses to Step S44 and it is judged whether the license from which 
CPU21 is acquired is a thing within the term of validity. It is judged by comparing 
with the term (refer to drawing 8 mentioned later) specified as contents of the 
licenseand the present date clocked by the timer 20 whether a license is a thing 
within the term of validity. When judged with the term of validity of a license 
having already expiredit progresses to Step S45 and CPU21 performs a license 
update process. The details of this license update process are later mentioned 
with reference to the flow chart of drawing 10 . 

[0060]When judged with a license being still within the term of validity in Step 
S440r when a license is updatedit progresses to Step S46and CPU21 reads the 
contents data enciphered from the storage parts store 28and is made to store it in 
RAM23 in Step S45. And it is the encryption block unit arranged at the data of 
drawing 5the data of the encryption block memorized by RAM23 is supplied to the 
encryption decoding part 24and CPU21 makes it decode in Step S47 using the 
contents key Kc. 

[0061] Although the example of the method of obtaining the contents key Kc is 
later mentioned with reference to drawing 15 Key K EKBC contained in EKB ( drawing 
5) can be obtained using a device node key (DNK) ( drawing 8 )and the contents key 
Kc can be obtained from data K EKBC (Kc) and ( drawing 5 ) using the key K EKBC . 
[0062]CPU21 supplies the contents data decoded by the encryption decoding part 
24 to the codec part 25and makes it decode in Step S48 further. And from the 
input/output interface 32CPU21 supplies the data decoded by the codec part 25 
to the cutputting part 27carries out D/A conversionand makes it output from a 



loudspeaker. 

[0063]Nextwith reference to the flow chart of drawing 7t he details of the license 
acquisition processing performed at Step S43 of drawing 6 are explained. 
[0064]The client 1 acquires the service information containing the pair of the 
leaves ID and DNK (Device Node Key)and the secret key and public key of the 
client I the public key of a license serverand the certificate of each public key by 
registering with a license server a priori. 

[0065] Leaf ID is a device node key required to express the identification 
information assigned for every clientand for DNK decode the contents key Kc 
which is contained in EKB (validation key blocks) corresponding to the license and 
which is enciphered (with reference to drawing 12 it mentions later). 
[0066]ln Step S61CPU21 acquires first URL corresponding to license ID made into 
the processing object now from the header shown in drawing 5 . As mentioned 
abovethis URL is an address which should be accessed when acquiring the license 
corresponding to license ID too described by the header. Thenin Step S62CPU21 
accesses URL acquired at Step S61. Specificallyaccess is performed to the 
license server 4 by the communications department 29 via the Internet 2. At this 
timethe license server 4 requires the input of the license specification information 
that the license (license required to use contents) to purchase is specified and 
user IDand a passwordfrom the client 1 (Step S102 of drawing 9 mentioned later). 
CPU21 displays this demand on the indicator of the outputting part 27. Based on 
this displaya user operates the input part 26 and enters license specification 
informationuser IDand a password. The user of the client 1 accesses the license 
server 4 via the Internet 2and acquires this user ID and password a priori. 
[0067]In Step S63 and S64CPU21 incorporates user ID and a password while 
incorporating the license identification information inputted from the input part 26. 
CPU21 makes the license request which controls the communications department 
29 and contains the inputted user ID and leaf ID contained in license specification 
information and service information (it mentions later) in a password transmit to 
the license server 4 via the Internet 2 in Step S65. 

[0068]the license server 4 is based on user IDa passwordand license specification 
information so that it may mention later with reference to drawing 9 — a license - 
- transmitting (Step S109) — or a license is not transmitted when conditions are 
not fulfilled (Step S112). 

[0069]When it judges whether the license has been transmitted from the license 
server 4 and the license has been transmittedit progresses to Step S67and 
CPU21 supplies the license to the storage parts store 28and makes it memorize in 
Step S66. 

[0070]In Step S66when it judges with a license not being transmittedit progresses 
to Step S68 and CPU21 performs error handling. Since the license for using 
contents is not acquiredspecificallyCPU21 forbids regeneration of contents. 
[0071]It becomes possible to use the contents only after acquiring the license 
corresponding to license ID to which each client 1 accompanies contents data as 
mentioned above. 



[0072]License acquisition processing of drawing 7 can also be beforehand carried 
outbefcre each user acquires contents. 

[0073]The license with which the client 1 is provided contains a service condition 
and leaf ID ****for exampleas shown in drawing 8 . 

[0074]The expiration date which can use contents for a service condition based 
on the licenseThe download term which can download contents based on the 
licenseThe number of times which can copy contents based on the license (copy 
frequency allowed)Based on the number of times of check-outthe number of times 
of the maximum check-outand its licenseThe information which shows the number 
of times which can copy contents to a right recordable on CD-R and PD (Portable 
DeviceHhe right that a license can be shifted to ownership (acquisition state)duty 
to take a use logetc. is included. 

[0075]Nextwith reference to the flow chart of drawing 9 license offer processing of 
the license server 4 performed corresponding to the license acquisition processing 
of the client 1 of drawing 7 is explained. The composition of the client 1 of drawing 
2js quoted as composition of the license server 4 also in this case. 
[0076]In Step S101CPU21 of the license server 4When it stands by until it 
received access from the client land access is receivedtransmission of user IDa 
passwordand license specification information is required from the client 1 which 
has progressed and accessed Step S102. As it mentioned aboveby processing of 
Step Sf>5 of drawing 7 from the client 1. When user IDa password and leaf IDand 
license specification information (license ID) have been transmittedCPU21 of the 
license server 4 performs processing which receives and incorporates this via the 
communications department 29. 

[0077]And in Step S103CPU21 of the license server 4 accesses the fee collection 
server i> from the communications department 29and requires the crediting 
process of the user corresponding to user ID and a password. If the demand of a 
crediting process is received from the license server 4 via the Internet 2the fee 
collection server 5The payment history of the past of the user corresponding to 
the user ID and passwordetc. are investigatedWhen the credit result which permits 
grant of a license when it investigates whether there is any track record of the 
nonpayment of the remuneration of the users license in the past and there is no 
such track record is transmitted and there are a track record of 
nonpaymentetc.the credit result of the disapproval of license granting is 
transmitted. 

[0078]In Step S104CPU21 of the license server 4When it judges whether the 
credit result from the fee collection server 5 is a credit result which permits giving 
a license and grant of the license is permittedlt progresses to Step S105 and the 
license corresponding to the license specification information incorporated by 
processing of Step S102 is taken out out of the license memorized by the storage 
parts store 28. As for the license memorized by the storage parts store 
28inforrnationincluding license IDa versionthe date and time of creationthe term of 
validityetc.is described beforehand. In Step S106CPU21 adds leaf ID which 
received with the license. In Step S107CPU21 chooses the service condition 



matched with the license selected at Step S105. Or by processing of Step 
S102when a service condition is specified from a userthe service condition is 
added to the service condition currently prepared beforehand again if needed. 
CPU21 adds the selected service condition to a license. 
[0079](n Step S108CPU21 signs a license with the secret key of a license 
serverandtherebythe license of composition as shown in drawing 8 is generated. 
[0080]Nextit progresses to Step S109 and CPU21 of the license server 4 makes 
the license (it has the composition shown in drawing 8 ) transmit to the client 1 via 
the Internet 2 from the communications department 29. 

[0081]CPU21 of the license server 4 makes the storage parts store 28 memorize 
the license (a service condition and leaf ID are included) which is processing of 
Step S109 and transmitted now in Step S1 10 corresponding to the user ID and the 
password which were incorporated by processing of Step S102. In Step 
S111CPU21 performs accounting. SpecificallyCPU21 requires the accounting to 
the user corresponding to the user ID and password of the fee collection server 5 
from the communications department 29. The fee collection server 5 performs 
accourting to that user based on the demand of this fee collection. It can be 
licensedeven if that user demands grant of a license henceforth when that user 
does not make payment to this accounting as mentioned above. 
[0082]That issince the credit result which makes grant of a license disapproval 
from the fee collection server 5 is transmitted in this caseit progresses to Step 
S1 12 from Step S104and CPU21 performs error handling. CPU21 of the license 
server 4 outputs the message of the purport that a license cannot be givento the 
client 1 which controlled the communications department 29 and has accessed 
itandspecificallyterminates processing. 

[0083]In this casesince that client 1 cannot be licensed as mentioned aboveusing 
those contents (decode a code) can be performed. 

[0084] Drawing 10 expresses the details of the license update process in Step S45 
of drawing 6 . Processing of Step S131 of drawing 10 thru/or Step S135 is the 
fundamentally same processing as processing of Step S61 of drawing 7 thru/or 
Step S(55. Howeverin Step S133CPU21 incorporates license ID of the license 
instead of the license to purchase to update. And in Step S135CPU21 transmits 
user ID and license ID of the license updated with a password to the license 
server 4. 

[0085]Corresponding to transmitting processing of Step S135the license server 4 
presents a service condition so that it may mention later (Step S153 of drawing 
H). Thenin Step S136CPU21 of the client 1 receives presentation of the service 
condition from the license server 4outputs this to the outputting part 27and 
displays it. A user operates the input part 26chooses a predetermined service 
condition out of this service conditioner newly adds a predetermined service 
condition. CPU21 transmits the application for purchasing the service condition 
(conditions which update a license) selected as mentioned above to the license 
server 4 at Step S137. Corresponding to this applicationthe license server 4 
transmits a final service condition so that it may mention later (Step S154 of 



drawing 11 ), Thenin Step S138CPU21 of the client 1 acquires the service 
condition from the license server 4and updates the service condition in Step S139 
as a service condition of the corresponding license already memorized by the 
storage parts store 28. 

[0086]l >awing 11 expresses the license update process which the license server 4 
performs corresponding to the license update process of the above client 1. 
[0087]Rrstin Step S151in Step S152CPU21 of the license server 4 will receive the 
license specification information which the client 1 transmitted at Step S135 with 
license update request informationif access from the client 1 is received. 
[0088]In Step S153if the update request of a license is receivedCPU21 will read 
the service condition (service condition to update) corresponding to the license 
from the storage parts store 28and will transmit to the client 1. 
[0089]In [ if it applies for the purchase of a service condition from the client 1 by 
processing of Step S137 of drawing 10 to this presentation as mentioned above ] 
Step S154CPU21 of the license server 4 generates the data corresponding to the 
service condition for which it appliedand transmits to a client and 1 in Step S154. 
The client 1 updates the service condition of the already registered license using 
the service condition received by processing of Step S139as mentioned above. 
[0090]In this inventionas shown in drawing 12 the key of a device and a license is 
managed based on the principle of a broadcasting yne KURIPUSHON (Broadcast 
Encryption) method. A key is made into a hierarchy tree structure and leaf (leaf) of 
the bottom corresponds to the key of each device. In the case of the example of 
drawing: 12 16 devices from the number 0 to the number 15 or the key 
corresponding to a license is generated. 

[0091]E:ach key is specified corresponding to each node of the tree structure 
shown by a figure Nakamaru seal. In the keys K00 thru/or K1 1 in this examplethe 
key K000 thru/or the key K1 1 1 correspond [ corresponding to the root node of 
the highest rung / the route key KR / the key K0 and K1 ] corresponding to the 
node of the 4th step corresponding to the 3rd step of noderespectively 
corresponding to the 2nd step of node. And the keys K0000 thru/or K1 1 1 1 
support the leaf (device node) as a node of the bottomrespectively. 
[0092]Since it is considered as the layered structurethe key of the higher rank of 
the key K001 0 and the key 001 1 is set to K001 and the key of the higher rank of 
the key K000 and the key K001 is set to KOOfor example. Like the followingthe key 
of the higher rank of the key K00 and the key K01 is set to KOand the key of the 
higher rank of the key K0 and the key K1 is set to KR. 

[0093]The key using contents is managed by the key corresponding to each node 
of one path from the device node (leaf) of the bottom to the root node of the 
highest rung. For examplebased on the license corresponding to the node (leaf ID) 
of the number 3the key using contents is managed by each key of the path 
containing the key K001 1 K001 KOOKOand KR. 

[0094]In the system of this inventionas shown in drawing 13 it is a keying system 
constituted based on the principle of drawing 12 and management of the key of a 
device and the key of a license is performed. In the example of drawing 1 3 8+24+32 



steps of nodes are made into a tree structureand a category corresponds to each 
node from a root node to eight steps of a low rank. The category in here means 
categonessuch as a category of the apparatus which uses semiconductor 
memor/such as a memory stickfor exampleand a category of apparatus which 
receives digital broadcasting. And this system (T system is called) corresponds to 
one node in this category node as a system which manages a license. 
[0095]That isa license corresponds by the key corresponding to 24 steps of a 
younger hierarchy's nodes further from the node of this T system. In the case of 
this exampletherebythe license of 2 24 (about 16 mega) can be specified. 32 steps 
of lower hierarchies can prescribe the user (or client 1) of 2 32 (about 4 giga). The 
key corresponding to 32 steps of nodes of the bottom constitutes DNK (Device 
Node Key)and ID corresponding to the leaf of the bottom is set to leaf ID. 
[0096]E:ach device and the key of a license correspond to one of the paths which 
comprise each node of 64 (=8+24+32) stages. For examplethe contents key which 
enciphered contents is enciphered using the key corresponding to the node which 
constit jtes the path assigned to the corresponding license. It is enciphered using 
the key of the hierarchy of the latest low rankand the key of the hierarchy of a 
higher rank is arranged in EKB (with reference to drawing 15 it mentions later). 
DNK of the bottom is not arranged in EKBbut is described by service 
informationand is given to a user's client 1. the client 1 is described in EKB using 
the key which decoded the key of the hierarchy of the latest higher rank described 
in EKB ( drawing 15 ) distributed with contents data using DNK described by the 
licenseand decoded and obtained it — the key of the hierarchy on it is decoded to 
a pan. Eiy performing the above processing one by onethe client 1 can obtain all 
the keys belonging to the path of the license. 

[0097]The concrete example of a classification of the category of a hierarchy tree 
structure is shown in drawing 14 . In drawing H route key KR2301 is set to the 
highest rung of a hierarchy tree structurethe node key 2302 is set to the following 
intermediate stagesand the leaf key 2303 is set to the bottom. Each device holds 
each leaf keyand a series of node keys from a leaf key to a route key and a route 
key. 

[0098]The predetermined node of the Mth step (the example of drawing 13 M= 8) 
is set up as the category node 2304 from the highest rung. That islet each of the 
node of the Mth step be a device setting-out node of a specific category. Let M+1 
or less step of nodeand a leaf be the node and leaf about the device contained in 
the category by making one node of the Mth step into the peak. 
[0099]For examplea category [memory stick (trademark)] is set to the one node 
2305 of the Mth step of drawing 14 and the node which stands in a row below in 
this nodeand a leaf are set up as the node or leaf only for a category containing 
various devices which use memo RISUTEIIKU. That is2305 or less node is defined 
as the related node of the device defined as the category of a memory stickand a 
set of a leaf. 

[0100]The low-ranking stage can be set up as the subcategory node 2306 by 
several steps from M stage. In the example of drawing 14 the node 2306 of [the 



vessel only for reproduction] is set up as a subcategory node contained in the 
category of the device which uses a memory stick for the node under two steps of 
the ca tegory [memory stick] node 2305. To 2306 or less node of the vessel only 
for reproduction which is a subcategory node. The node 2307 of the telephone 
with a music reproduction function included in the category of the vessel only for 
playback is set upand the [PHS] node 2308 contained in the low rank at the 
category of a telephone with a music reproduction function and the [cellular- 
phone] node 2309 are set up further. 

[0101]A category and a subcategory only not only in the kind of devicefor example 
A certain makerlt is possible to set up in arbitrary units (these are generically 
called an entity hereafter)such as the node which a content providera settlement- 
of-accounts organizationetc. manage uniquelyi.e.a batcha jurisdiction unitor a 
providing service unit. For exampleif one category node is set up as a peak node 
only for game machine machine XYZ which a game machine machine maker sellsln 
the game machine machine XYZ which a maker sellsthe node key of the lower 
berth below the peak nodeStorebecome a leaf key possible to sell and Distribution 
of after that and enciphered contentOr the validation key blocks (EKB) constituted 
by the node key below the peak node key and the leaf key in distribution of 
various keys and an update process are generated and distributedand distribution 
of available data is attained only to the device below a peak node. 
[0102]Thusby considering the following nodes as the category defined as the peak 
nodeor the composition set up as a related node of a subcategory by making one 
node into the peakThe maker which manages one peak node of the category stage 
or the subcategory stagea content provideretc. generate uniquely the validation 
key blocks (EKB) which make the node the peakThe composition distributed to the 
device belonging to below a peak node is attainedand renewal of a key can be 
performedwithout affecting at all the device belonging to the node of other 
categories which do not belong to a peak node. 

[0103]F : or examplein the tree structure shown in drawing 12 the four devices 
012and 3 contained in one group hold the key K00 common as a node keyKOand 
KR. By using this node key share compositionit becomes possible to provide only 
the devices 012and 3 with a common contents key. For exampleif node key K00 
the very thing held in common is set up as a contents keysetting out of a contents 
key only with the common devices 012and 3 is possiblewithout performing new key 
sending. If the value Enc (KOOKcon) which enciphered the new contents key Kcon 
by the node key K00 is stored in a recording medium via a network and distributed 
to the devices 012and 30nly the devices 012and 3 become possible [ solving the 
code Enc (K00 Kcon) using the share node key K00 held in each deviceand 
obtaining the contents key Kcon ]. It is shown that Enc (KaKb) is the data which 
enciphered Kb by Ka. 

[0104]When it is revealed in t at a certain time that the key K001 1 which the 
device 3 ownsK001 KOOKOand KR were analyzed by the aggressor (hacker)and it 
was exposed of KRAfter itin order to protect the data transmitted and received by 
a system (group of the devices 012and 3)it is necessary to separate the device 3 



from a system, for that purpose — a node key — K — 001 — K — 00 — K — 
zero — KR — respectively — being new — a key — K — ( — t — ) — 001 — K - 

- (— t — ) — 00 — K — (— t — ) — zero — K — (— t — ) — R — updating — a 
device — zero — one — two — the — updating — a key — it is necessary to 
tell . Hereit is shown that K(t) aaa is an updating key of the generation 
(Generation) t of the key Kaaa. 

[0105]distribution **** of an updating key — it ****** just. The renewal of a key 
the table constituted by the block data called the validation key blocks 
(EKB:EnablingKey Block) shown in drawing 15 Afor example via a networkOr it 
performs by storing in a recording medium and supplying the devices 01 and 2. 
Validation key blocks (EKB) are constituted by the cryptographic key for 
distributing the key newly updated by the device corresponding to each leaf (node 
of the bottom) which constitutes a tree structure as shown in drawing 12 . 
Validation key blocks (EKB) may be called the renewal block of a key (KRB:Key 
Renewal Block). 

[0106]The validation key blocks (EKB) shown in drawing 15 A are constituted as 
block data with the data configuration which can update only the required device 
of renewal of a node key. In the devices 01 and 2 in the tree structure shown in 
drawing 12t he example of drawing 15 A is the block data formed for the purpose of 
distributing the generation's t updating node key. drawing 12 — from — being 
clear — as — a device — zero — a device — one — updating — a node key — 
****** — K — (— t — ) — 00 — K — (— t — ) — zero — K — (— t — ) — R - 

- required — a device — two — updating — a node key — ****** — K — ( — t 
— ) — 001 — K — (— t — ) — 00 — K — (— t — ) — zero — K — (— t — ) — 
R — being required . 

[0107]As shown in EKB of drawing 1 5 Atwo or more cryptographic keys are 
contained in EKB. The cryptographic key of the bottom of drawing 15 A is Enc 
(K0010K(t)001). this — a device — two — having — a leaf key — K — 0010 — 
enciphering — having had — updating — a node key — K — ( — t — ) — 001 — 
it is — a device — two — self — having — a leaf key — K — 0010 — this — a 
cryptographic key — decoding — updating — a node key — K — ( — t — ) — 001 

- it can obtain . using updating node key K(t)001 obtained by decodingdecoding of 
the 2nd step of cryptographic key Enc (K — ( — t — ) — 001 — K — ( — t — ) — 
00) is attained from under drawing 15 Aand updating node key K(t)00 can be 
obtained. 

[0108]One by one below by decoding the 2nd step of cryptographic key Enc (K (t) 
00K(t)0) from on drawing 15 A. Updating node key K (t) 0 is obtained and updating 
route key K(t) R is obtained from on drawing 15 A using this by decoding the 1st 
step of cryptographic key Enc (K(t) 0 and K (t) R). 

[0109]on the other hand — a node key — K — 000 — updating — an object — 
containing — not having — a node — zero — one — updating — a node key — 
****** — being required — a thing — K — ( — t — ) — 00 — K — ( — t — ) — 
zero — K — ( — t — ) — R — it is . The nodes 0 and 1 acquire updating node key 
K(t)00 from on drawing 15 A using the debye skiing K0000 and K0001 by decoding 



the 3rd step of cryptographic key Enc (K000K(t)00)belowone by oneupdating node 
key K(t)0 is obtained by decoding the 2nd step of cryptographic key Enc (K — ( — 
t — ) — 00 — K — ( — t — ) — 0) from on drawing 1 5 Aand updating route key 
K(t) R is obtained by decoding the 1st step of cryptographic key Enc (K(t) 0 and K 
(t) R) from on drawing 15 A. Thusthe devices 01 and 2 can obtain updated key K(t) 
R. 

[0110]The index of drawing 15 A shows the actual address of the node key and 
leaf ke/ which are used as a decryption key for decoding the cryptographic key on 
the right-hand side of a figure. 

[01 1 1]When renewal of node key K(t) 0 and K (t) R of the upper stage of the tree 
structure shown in drawing 12 is unnecessary and the update process of only the 
node key K00 is requiredBy using the validation key blocks (EKB) of drawing 15 
Bupdating node key K(t)00 can be distributed to the devices 01 and 2. 
[01 12]EKB shown in drawing 15 B is available when distributing the new contents 
key sharedfor example in a specific group. As an examplethe recording medium 
with the devices 012and 3 in the group who shows by a dotted line is used for 
drawing 12 and suppose that new common contents key K(t) con is required, this - 
- the t me — a device — zero — one — two — three — being common — a 
node key — K — 00 — having updated — K — ( — t — ) — 00 — using — being 
new — being common — updating — a contents key — K — ( — t — ) — con — 
having enciphered — data — Enc (K (t) 00K(t) con) — drawing 15 — B — being 
shown — having — EKB — distributing — having . By this distributionthe 
distribution as data of the device 4 etc. which other groups' apparatus cannot 
decode is attained. 

[01 13]That isif the devices 01 and 2 decode a cryptogram using key K(t)00 which 
processed and obtained EKBit will become possible to obtain contents key K(t) 
con in t time. 

[01 14]As an example of processing which obtains contents key K(t) con in t time 
to drawing 16 K (t) Processing of the device 0 which received the data Enc (K (t) 
00K(t) con) which enciphered new common contents key K(t) con using OOand 
EKB shown in drawing 15 B via the recording medium is shown. That isthis 
example is an example which set the encryption message data based on EKB to 
contents key K(t) con. 

[01 15]As shown in drawing 16 the device 0 generates node key K(t)00 by same 
EKB processing with having mentioned above using EKB at the generation t time 
stored in the recording mediumand the node key K000 which he stores beforehand. 
Using updating node key K(t)00 decodedthe device 0 decodes updating contents 
key K(t) conand in order to use it behindby the leaf key K0000 which he hasit 
enciphers and it stores it. 

[01 16]The example of a format of validation key blocks (EKB) is shown in drawing 
17 . The version 601 is an identifier which shows the version of validation key 
blocks (EKB). A version has the function to identify the newest EKBand a function 
which shows a correspondence relation with contents. A depth shows the 
hierarchy number of the hierarchy tree to the device of the distribution destination 



of validation key blocks (EKB). The data pointer 603 is a pointer in which the 
position of the data division 606 in validation key blocks (EKB) is shownand is a 
pointer which the tag pointer 604 shows the position of the tag part 607 toand the 
signature pointer 605 shows the position of the signature 608. 
[01 17]The data division 606 stores the data which enciphered the node key 
updatedfor example. For exampleeach cryptographic key about the updated node 
key as shown in drawing 16 is stored. 

[01 18]The tag part 607 is a tag in which the physical relationship of the node key 
and leaf key which were stored in the data division 606and which were enciphered 
is shown. The grant rule of this tag is explained using drawing 18 . 
[01 19] Drawing 18 shows the example which sends the validation key blocks (EKB) 
previously explained by drawing 15 A as data. The data at this time comes to be 
shown in the table of drawing 18 B. Let the address of the top node contained in 
the cry ptographic key at this time be a top node address. Since updating key K(t) 
R of the route key is contained in the case of this examplea top node address 
serves as KR. At this timethe data Enc (K(t) 0 and K (t) R) of the highest rung 
corresponds to the position P0 shown in the hierarchy tree shown in drawing 18 
Afor example. The data of the following stage is Enc (K (t) 00K(t)0)and 
corresponds to the position POO at the lower left of front data on a tree. When it 
sees from the position of a tree structure and data is in the bottom of itO and 
when tnere is nothinga tag is set as 1 for a tag. A tag is set up as [a left (L) tag 
and a right (R) tag}. Since there is data in the position POO at the lower left of the 
position PO corresponding to the data Enc (K(t) 0 and K (t) R) of the highest rung 
of drawing 18 B and there is no data in L tag =0 and the rightit is set to R tag =1. 
Hereaftera tag is set as all the data and the data row shown in drawing 1 8 C and a 
tag sequence are constituted. 

[0120]A tag is set up in order that the corresponding data Enc (KxxxKyyy) may 
show where [ of a tree structure ] it is located, the key data Enc (KxxxKyyy) 
stored in the data division 606 — although ... is only enumeration data of the key 
enciphered simplydistinction of the position on the tree of the cryptographic key 
stored as data with the tag mentioned above of it is attained. The node index to 
which encryption data was made to correspond is used like composition of that 
previous drawing 15 explainedwithout using the tag mentioned abovefor exampleit 
is 0:Enc (K(t) 0 and K (t) R). 
00:Enc(K(t)00K(t)0 
000:Eno(K((t)000K(t)00) 

Although it is also possible to consider it as a data configuration like ...if it has 
composition using such an indexin the distribution etc. which it becomes 
redundant dataand data volume increasesand pass a networkit is not desirable. On 
the other handdistinction of a key position is attained with small data volume by 
using the tag mentioned above as index data in which a key position is shown. 
[0 1 2 1 ] It returns to drawing 1 7 and an EKB format is explained further. For 
examplethe signature (Signature) 608 published validation key blocks (EKB)it is an 
electronic signature which a lock management center (license server 4)contents 



ROBAIDA (contents server 3)a settlement-of-accounts organization (fee 
collection server 5)etc. perform. It checks that the devices which received EKB 
are the validation key blocks (EKB) which the just validation key-blocks (EKB) 
publisher published by signature verification. 

[0122]When processing using the contents supplied from the contents server 3 is 
summarized based on the license supplied from the license server 4 as mentioned 
aboveit comes to be shown in drawing 1 9 . 

[0123]That iswhile contents are provided from the contents server 3 to the client 
1a license is supplied to the client 1 from the license server 4. Contents are 
enciphered by the contents key Kc (Enc (KcContent))and the contents key Kelt is 
added to the contents which were enciphered by the route key KR (it is a key 
obtained from EKB and corresponds to key K EKBC in drawing 5 ) (Enc (KRKc))and 
were enciphered with EKBand is provided for the client 1. 

[0124]As shown in drawing 20 the route key KR enciphered by DNK is contained in 
EKB in the example of drawing 1 9f or example (Enc (DNKKR)). Thereforethe client 
1 can obtain the route key KR from EKB using DNK contained in service 
information. The contents key Kc can be decoded from Enc (KRKc) using the 
route key KRand contents can be decoded from Enc (KcContent) using the 
contents key Kc. 

[0125]Thusaccording to the principle explained with reference to drawing 12 and 
drawing 15 RIBOKU (revoke) of each client 1 becomes possible by assigning DNK 
individually to the client 1. 

[0126]By adding and distributing license leaf IDin the client 1 matching of service 
information and a license will be performed and it becomes possible to prevent the 
illegal copy of a license. 

[0127]It also enables an end user to create the contents which can prevent an 
illegal copy by distributing the certificate and secret key for clients as service 
information using these. 

[0128]L se of a certificate and a secret key is later mentioned with reference to 
the flow chart of drawing 28 . 

[0129]In this inventionsince T system which manages a licenseand the category 
using various kinds of contents of a device are matched with a category node as 
explained with reference to drawing 13 two or more DNK(s) can be given to the 
same device. As a resultit becomes possible to manage the contents of a different 
category with one device. 

[01 303D rawing 21 expresses this relation. That isbased on T systemthe license 
using the contents 1 to which DNK1 is assigned is recorded on the device D1. 
Similarlythe contents 2 to which DNK2 was assigned and which carried out ripping 
to the memory stick from CD are recordable on this device D1for example. In this 
casethe device D1 becomes possible [ treating simultaneously contents which are 
called the contents 1 and the contents 2 and which were distributed by a different 
system (T system and a device management system) ]. Such a thing cannot be 
performedwhen assigning new DNKand DNK already assigned is deleted and it is 
made tc make only one DNK correspond to a device. 



[0131]By assigning the license category 1 and the license category 2 which are 
shown in drawing 22 at each of three square shapes each of 32 lower 
hierarchies[ in / drawing 13 ] It becomes possible to classify the inside of the 
same category into small meetingssuch as a genre of contentsa labela storeand 
distribution serviceand to manage it using a subcategory. 

[0132]ln the example of drawing 22 the license category 1 belongs to the genre of 
jazzand the license category 2 belongs to the genre of a lockfor example. License 
ID makes the contents 1 and the contents 2 which are 1 correspond to the license 
category land the user 1 thru/or the user 3 are supplied widelyrespectively. The 
contents 3 of license ID2the contents 4and the contents 5 are containedand the 
user 1 and the user 3 are provided with the license category 2respectively. 
[0133]Thusin this inventionthe key management which became independent for 
every category becomes possible. 

[0134]DNK is beforehand embedded to neither apparatus nor mediabut by the 
license server 4when performing registration processingthe system which can 
purchase the key by a user can be realized by making it download to each 
apparatus or media. 

[0135]After it is created contentseven if what kind of usage is carried outit is 
concerned with the usagethere areand it is desirable in all the uses that it is 
usable. [ no ] For examplealso in a different contents distribution service or the 
domain in which service conditions differit is desirable that the same contents can 
be used. In this inventionfor this reasonas mentioned abovethe certificate 
(certificates) of a secret key and the public key corresponding to it is distributed 
to each user (client 1) from the license server 4 as a certificate authority. Using 
the secret keyeach user can create a signature (signature)can add to contentsand 
can guarantee genuine [ of contents ] (integrity)and can aim at prevention from an 
alteration of contents. 

[0136]The example of processing in this case is explained with reference to the 
flow chart of drawing 23 . Processing of drawing 23 explains the ripping processing 
a user makes the storage parts store 28 remember the data played from CD to be. 
[0137]F : irstin Step S171CPU21 of the client 1 incorporates the regenerative data 
of CD inputted via the communications department 29 as record data. In Step 
S172CPU21 judges whether the watermark is contained in the record data 
incorporated by processing of Step S171. This watermark is constituted by the 
copy management information (CCD of a tripletand the 1-bit trigger (Trigger)and is 
embedded in the data of contents. It progresses to Step S173 and CPU21 
performs processing which extracts the watermarkwhen a watermark is detected. 
When a watermark does not existprocessing of Step S173 is skipped. 
[0138]Nextin Step S174CPU21 creates the data of the header recorded 
corresponding to contents. The data of this header is constituted by URL showing 
the access point for acquiring content IDIicense IDand a licenseand the watermark. 
[0139]Nextit progresses to Step S175 and CPU21 creates the digital signature 
based on the data of the header created by processing of Step S174 using its own 
secret key. This secret key is acquired from the license server 4 (Step S67 of 



drawing 7 ). 

[0140]CPU21 controls the encryption decoding part 24 by Step S176and contents 
are made to encipher by a contents key. A contents key is simultaneously 
acquiredwhen contents are acquired ( drawing 5 or drawing 1 9 ). 
[0141]Nextfor exampleCPU21 makes data record on the magneto-optical disc 43 
constituted with a mini disc etc. in Step S177 based on a file format. 
[0142]When a recording medium is a mini discCPU21 supplies contents to the 
codec part 25for examplemakes contents code with ATRAC3 method in Step S176. 
And the coded data is further enciphered by the encryption decoding part 24. 
[0143] Drawing 24 expresses typically the state where contents were recorded on 
the recording medium as mentioned above. The watermark (WM) extracted from 
the contents (E (At3)) enciphered is recorded out of contents (header). 
[0144] Drawing 25 expresses the more detailed composition of the file format in 
the case of recording contents on a recording medium. In this examplecontent ID 
(CID)license ID (LID)URL and the header containing a watermark (WM) are 
recordedand also. EKBthe data (Enc (KRKc)) which enciphered the contents key 
Kc by the route key KRA certificate (Cert)the digital signature (Sig (Header)) 
generated based on the headerthe data (Enc (KcContent)) which enciphered 
conten ts by the contents key Kcthe metadata (Meta Data)and the mark (Mark) are 
recorded. 

[0145]Although the watermark is embedded to the inside of contentsAs shown in 
drawing 24 and drawing 25 the inside of contents is making it arrange in a header 
independentlyand it becomes possible to detect the information currently 
embedded to contents as a watermark promptly and simply. Thereforeit can be 
judged promptly whether the contents can be copied. 

[0146]Metadata expresses the data of a jacketa photographwordsetc.for example. 
A mark is later mentioned with reference to drawing 31 . 
[0147] Drawing 26 expresses the example of the public key certification as a 
certificate. A public key certification is usually a certificate which the certificate 
authority (CA:Certificate Authority) in a public-key crypto system publishesA 
certificate authority adds informationincluding the term of validity etc.to self 
IDpublio keyetc. which the user submitted to the certificate authorityadds the 
digital s ignature by a certificate authority further to themand is created. In this 
inventionsince the license server 4 (or contents server 3) also publishes a 
certificatea secret keytherefore a public keythe user can get this public key 
certification by providing the license server 4 with user IDa passwordetc.and 
performing registration processing. 

[0148]The consecutive numbers of the certificate in which the version number of 
a certificate and the license server 4 assign the public key certification in drawing 
26 to the user (user) of a certificateThe algorithm used for the digital signature 
and a parameterthe name of a certificate authority (license server 4)the term of 
validity of a certificatea certificate user's ID (node ID or leaf ID)and the certificate 
user's public key are contained as a message. The digital signature created by the 
license server 4 as a certificate authority is added to this message. This digital 



signature is the data generated using the secret key of the license server 4 based 
on the hash value generated with the application of the hash function to the 
message. 

[0149]in the case of the example of drawing 12 if node ID or leaf ID is the device 
Oit will be set to "0000"if it comes out device lit will be set to "0001"and if it is 
the device 1 Sit will be set to "11 1 1"for example. Based on such IDit is identified 
whether the device (entity) is an entity located in which position (a leaf or node) of 
tree composition. 

[0150]Thusdistribution of contents will be freely performed by dissociating and 
distributing a license required to use contents with contents. The contents which 
came to hand in arbitrary methods or a course can be dealt with unitary. 
[0151]EJy what a file format is constituted for as shown in drawing 25 . When 
distributing the contents of the format via the Internetwhen it provides for SDMI 
(Secure Digital Music Initiative) apparatusof courseit becomes possible to manage 
the copyright of contents. 

[0152]As shown in drawing 27 for exampleeven if contents are provided via a 
recording mediumEven if provided via the Internet 2the same processing enables it 
to check out to predetermined PD (Portable Device) as SDMI (Secure Digital 
Music Initiative) apparatusetc. 

[0153]Nextwith reference to the flow chart of drawing 28 processing in case the 
client 1 checks out contents to other clients (for examplePD) is explained. 
[0154]Firstin Step S191CPU21 judges whether the digital signature is added to 
contents. When judged with the digital signature being addedit progresses to Step 
S192and CPU21 extracts a certificate and performs processing verified by the 
public hey of a certificate authority (license server 4). That isthe client 1 acquires 
the public key corresponding to the secret key of the license server 4 to the 
license server 4and decodes the digital signature added to the public key 
certification by the public key. As explained with reference to drawing 26 the digital 
signature is generated based on the secret key of a certificate authority (license 
server 4)and can be decoded using the public key of the license server 4. CPU21 
calculates a hash value with the application of a hash function to the whole 
message of a certificate. And if CPU21 compares the calculated hash value with 
the hash value produced by decoding a digital signature and both are in 
agreements will judge with a message not being what was altered. When both are 
not in agreements will be said that this certificate is altered. 

[0155]Thenin Step S193CPU21 judges whether the certificate is altered or notand 
when judged with not being alteredit progresses to Step S194 and it performs 
processing which verifies a certificate by EKB. This verification processing is 
performed by investigating whether EKB can be followed or not based on leaf ID 
( drawing 26 ) contained in a certificate. This verification is explained with reference 
to drawing 29 and drawing 30 . 

[0156]Nowas shown in drawing 29 suppose that it is the device [ RIBOKU / device 
/ the device which has the leaf key K1001 ]. At this timedata (cryptographic key) 
as shown in drawing 30 and EKB which has a tag are distributed to each device 



(leaf). This EKB is EKB which updates the key KRK1K10and K100in order RIBOKU 
[ the device "1001" in drawing 29 ] . 

[0157]AII the leaves other than a RIBOKU device "1001" can acquire updated 
route key K(t) R. That issince the leaf which stands in a row in the low rank of the 
node key K0 holds in a device the node key K0 which is not updatedit can acquire 
updating route key K(t) R by decoding the cryptographic key Enc (KOK(t) R) by the 
key K0. 

[0158]The leaf not more than node key K1 1 can acquire updating node key K(t)1 
using the node key K1 1 which is not updated by decoding Enc (K1 1K(t)1) by the 
node key K1 1. It becomes possible by decoding Enc (K(t) 1 and K (t) R) by node 
key K(t)1 to acquire updating route key K(t) R. Also about the low rank leaf of the 
node key K1 01 it is possible to acquire updating route key K(t) R similarly. 
[0159]The device "1000" which has the leaf key [ RIBOKU / leaf key ] K1000Enc 
(K1000K(t)100) is decoded by the self leaf key K1000node key K(t)100 can be 
acquiredthe node key of a higher rank can be further decoded one by one using 
thisand updating route key K(t) R can be acquired. 

[0160]cn the other hand — RIBOKU — having had — a device — "1001" — self 

— a leaf — one — a step — a top — updating — a node key — K — ( — t — ) — 
100 — EKB — processing — being unacquirable — since — after all — updating 

— a route — a key — K — ( — t — ) — R — being unacquirable . 

[0161]The data shown in drawing 30 and EKB which has a tag are distributed and 
stored in the just device [ RIBOKU / device ] (client 1) from the license server 4. 
[0162]Theneach client can perform EKB tracking processing using the tag. This 
EKB tracking processing is processing which judges whether a key distribution 
tree can be followed from the route key of a higher rank. 

[01 63] For examplel 001 which is ID (leaf ID) of the leaf "1001" of drawing 29 is 
graspec as 4 bits of "1"00and "T'and it is judged one by one from the most 
significant bit whether a tree can be followed according to a lower bit. In this 
judgmentif a bit is lit will go to right-hand sideand if it is Oprocessing which goes 
to left-hand side will be performed. 

[0164]Since the most significant bit of ID "1001" is lit goes to right-hand side 
from the route key KR of drawing 29 . It is judged with the tag (tag of the number 
0) of the beginning of EKB being 0: {00}and being what has data on both branches. 
In this casesince it can go to right-hand sideit can arrive at the node key K1. 
[0165]Nextit progresses to the node of the low rank of the node key K1. Since the 
2nd bit of ID "1001" is Oit goes to left-hand side. The tag in which the tag of the 
number 1 expresses the existence of the data of the low rank of the left-hand 
side node key KOand the existence of the data of the low rank of the node key K1 
is shown is a tag of the number 2. As shown in drawing 30t his tag shall be 2: 
{00}and shall have data on both branches. Thereforeit can go to left-hand side and 
can arrive at the node key K10. 

[0166]The 3rd bit of ID "1001" is 0 and goes to left-hand side. At this timethe tag 
(tag of the number 3) in which the existence of the data of the low rank of K10 is 
shown is 3: {00}and it judges that it has data on both branches. Thenit can go to 



left-hand side and can arrive at the node key K100. 

[0167]The least significant bit of ID "1001" is land goes to right-hand side. The 
tag which the tag of the number 4 corresponds to the node key K1 land expresses 
the numerals of the data of the low rank of K100 is a tag of the number 5. This tag 
is 5: {01}. Thereforedata will not exist in right-hand side, as a resultarrive at a node 
"1001" — it is judged with there being nothing and the device of ID "1001" being 
the device which cannot acquire the updating route key by EKBi.e.a RIBOKU 
device. 

[0168]On the other handfor examplethe device ID which has the leaf key K1000 is 
"1000"and like the case where it mentions aboveif EKB tracking processing based 
on the tag in EKB is performedit can arrive at a node "1000." Thereforeit is judged 
with the device of ID "1000" being a just device. 

[0169]Return to drawing 28 and CPU21 based on the verification processing of 
Step S I94When RIBOKU [ ****** / RIBOKU / the certificate / is judged at Step 
S195 and / the certificate ]it progresses to Step S196 and processing which 
verifies a digital signature by the public key contained in a certificate is performed. 
[0170]That isas shown in drawing 26t he certificate user's (contents creator) public 
key is contained in the certificateand the signature (Sig (Header)) shown in 
drawing; 25 is verified using this public key. By namelythe thing for which the data 
(hash value) produced by decoding the digital signature Sig (Header) is compared 
with the hash value calculated with the application of the hash function to Header 
shown in drawing 25 using this public key. It can check that Header is not alteredif 
both are in agreement. On the other handit will be said that Header is altered if 
both are not in agreement. 

[0171]In Step S197CPU21 judges whether Header is altered or notand if not 
alteredit progresses to Step S198 and it verifies a watermark. In Step S199CPU21 
judges whether he can check out or not as a result of verification of a watermark. 
When you can check outit progresses to Step S200 and CPU21 performs check- 
out. That iscontents are made to transmit and copy to the client 1 of a check-out 
place. 

[0172]In [ when judged with a digital signature not existing in Step S191 ] Step 
S193In [ when judged with the certificate being altered ] Step S195When are 
judged with the ability of a certificate to have not been verified by EKB and it is 
judged with the header being altered in Step S197 as a result of verification of a 
digital signatureOr in Step S199when judged with prohibition of check-out being 
described by the watermarkit progresses to Step S201 and error handling is 
performed. That ischeck-out is forbidden in this case. 

[0173]Thusit becomes possible by distributing a certificate and a secret key to a 
user from the license server 4and adding a digital signature at the time of contents 
creation to guarantee Shinsei of the maker of contents. Therebycirculation of 
inaccurate contents can be controlled. 

[01 74] A watermark is detected at the time of contents creationby giving the 
information to a digital signaturethe alteration of watermark information can be 
prevented and Shinsei of contents can be guaranteed. 



[0175]As a resulteven if the contents created once are distributed with what kind 
of gestaltit becomes possible to guarantee Shinsei of the original contents. 
[0176]Since contents do not have a service condition but the service condition is 
added to the licenseit is changing the service condition within a licenseand it 
becomes possible to change the service conditions of the contents related to it all 
at once. 

[01 77]Nextthe utilizing method of a mark is explained. In this inventionas 
mentioned abovea service condition is added to the license instead of contents. 
Howeveran operating condition may change with contents. Thenin this inventionas 
shown in drawing 25 a mark is added to contents. 

[0178]E>ince a license and contents have one-pair Oshi's relationit becomes 
difficult to describe each operating condition of contents only in the service 
condition of a license. Thenthough management with a license is carried out by 
adding an operating condition to contents in this wayit becomes possible to 
manage each contents. 

[0179]As shown in drawing 31 a user's ID (leaf ID)an ownership flagbeginning-of- 
using tinecopy frequencyetc. are described by this markfor example. 
[0180]The digital signature generated based on messagessuch as leaf IDan 
ownership flagbeginning-of-using timeand copy frequencyis added to a mark. 
[0181]An ownership flag is added when the license for which only a predetermined 
period makes contents usable is bought as it was for example (when duration of 
service is changed eternally). Beginning-of-using time is described when use of 
contents is started within a predetermined period. For examplewhen the stage to 
download contents is restricted and download is performed within the termthe 
time which downloaded contents actually is described here. Therebyit is proved 
that it is effective use within a period. 

[0182]The number of times which copied the contents by then is described as a 
history (log) by copy frequency. 

[0183]Mextwhen a user buys a license with reference to the flow chart of drawing 
32 a mark is explained as an example added to contents about the processing 
which adds a mark. 

[0184]Firstin Step S221CPU21 accesses the license server 4 via the Internet 2 
based cn instructions of the user from the input part 26. 

[0185]In Step S222CPU21 incorporates the input through the input part 26 from a 
userand requires acquisition of a license from the license server 4 corresponding 
to the input. 

[0186]Corresponding to this demandthe license server 4 presents a remuneration 
required in order to buy a license so that it may mention later with reference to 
the flow chart of drawing 33 (Step S242 of drawing 33 ). Thenin Step S223this will 
be outputted to the outputting part 27 and CPU21 of the client 1 will display itif 
presentation of the remuneration from the license server 4 is received. 
[0187]A user judges whether based on this displayit consents to the shown 
remunerationand inputs that decision result from the input part 26 based on that 
decision result. 



[0188]When it judges with CPU21 having judged whether it consented to the 
remuneration shown the user in Step S224 based on the input from the input part 
26and having consentedit progresses to Step S225 and processing which notifies 
consent to the license server 4 is performed. 

[01 89]If this notice of consent is receivedthe license server 4 will transmit the 
information showing acquisition of a remuneration!. e.the mark which described the 
ownership flag(Step S244 of drawing 33 ). Thenin Step S226CPU21 of the client 1 
will perform processing which embeds the received mark to contents in Step 
S227if the mark from the license server 4 is received. That isthe mark the 
ownership flag as shown in drawing 31 was described to be as a mark of the 
contents corresponding to the bought license by this will be recorded 
corresponding to contents. Since it means that the message was updated at this 
timeCPU21 also updates a digital signature ( drawing 25 ) and is recorded on a 
recording medium. 

[0190]In Step S224when judged with not consenting to the remuneration shown 
from the license server 4it progresses to Step S228 and CPU21 notifies the 
license server 4 that it does not consent to the shown remuneration. 
[0191]Corresponding to processing of such a client 1the license server 4 performs 
processing shown in the flow chart of drawing 33 . 

[0192]Mamelyin Step S241first CPU21 of the license server 4If the demand of 
license acquisition is transmitted from the client 1 (Step S222 of drawing 32 )this 
will be receiveda remuneration required for the acquisition by the target license 
will be read from the storage parts store 28 in Step S242and this will be 
transmitted to the client 1. 

[0193]As mentioned abovethe notice of whether to consent to the remuneration 
shown from the client 1 to the remuneration shown by doing in this way is 
transmitted. 

[0194]T henin Step S243 CPU21 of the license server 4When it judges whether the 
notice of consent was received from the client 1 and judges with having received 
the notice of consentprogress to Step S244generate the mark containing the 
message showing the acquisition by the target licenseand with its own secret key. 
A digital signature is added and it transmits to the client 1. Thusthe transmitted 
mark is recorded on corresponding contents in the storage parts store 28 of the 
client 1as mentioned above (Step S227 of drawing 32 ). 

[0195]In Step S243when judged with the notice of consent not being received 
from the client 1 processing of Step S244 is skipped. That isin this casesince it 
means that acquisition processing of the license was not performed eventuallya 
mark is not transmitted. 

[0196] Drawing 34 expresses the example of composition of the mark transmitted 
from the license server 4 to the client 1 in Step S244. The mark is constituted in 
this example by digital signature Sig s (LeaflDOwn) generated based on the secret 
key S of the license server 4 in leaf IDthe ownership flag (Own)and that users leaf 
ID and ownership flag. 

[0197]Since this mark is effective only to a specific user's specific contentswhen 



copied in the target contentsthe mark which accompanies those copied contents 
is repealed. 

[01 98]Thuscontents and a license are separated and it becomes possible to 
realize service according to the operating condition of each contents also in the 
case where a service condition is made equivalent to a license. 
[0199]Nexta grouping is explained. It is called a grouping to collect two or more 
apparatus and media suitablyand to enable it to deliver and receive contents freely 
in the one set. Usuallythis grouping is performed in apparatus and the media which 
an individual owns. Although this grouping set up the group key for every group 
and was performed conventionallyit becomes possible to carry out a grouping 
easily by matching the same license with two or more apparatus and media which 
carry ojt grouping. 

[0200]h is also possible to carry out the grouping of each apparatus by registering 
beforehand. The grouping in this case is explained below. 
[0201 ]In this casethe user needs to register into a server beforehand the 
certificate of the apparatus made into a grouping object. The registration 
processing of this certificate is explained with reference to the flow chart of 
drawing 35 and drawing 36 . 

[0202]Firstwith reference to the flow chart of drawing 35 the registration 
processing of the certificate of a client (apparatus used as a grouping object) is 
explained. In Step S261CPU21 of the client 1 draws up its own [ as apparatus 
made into the object of a grouping ] certificate. Its own public key is contained in 
this certificate. 

[0203]Mextit progresses to Step S262and based on the input from a user's input 
part 260PU21 accesses the contents server 3 and performs processing which 
transmits the certificate drawn up by processing of Step S261 to the contents 
server 3 in Step S263. 

[0204]As a certificatewhat received from the license server 4 can also be used as 
it is. 

[0205]AII the apparatus made into a grouping object performs the above 
processing. 

[0206]Mextwith reference to the flow chart of drawing 36 the registration 
processing of the certificate of the contents server 3 performed corresponding to 
the registration processing of the certificate of the client 1 of drawing 35 is 
explained. 

[0207]Firstin Step S271in Step S272CPU21 of the contents server 3 will register 
the certificate into the storage parts store 28if the certificate transmitted from 
the client 1 is received. 

[0208]The above processing is performed for every apparatus made into a group 
object. As a resultas shown in drawing 37t he certificate of the device which 
constitutes the group is registered into the storage parts store 28 of the contents 
server 3 for every groupfor example. 

[0209]In the example shown in drawing 37 the certificates C11 thru/or C14 are 
registered as the group's 1 certificate. Corresponding public key K P11 thru/or K P14 



is contained in these certificates C1 1 thru/or C14. 

[0210]Similarlyas the group's 2 certificatethe certificates C21 thru/or C23 are 
registeredand public key K P21 thru/or K P23 to which these correspond is contained. 
[021 1]If offer of contents is required of the apparatus which belongs to the group 
from a user in the state which constitutes the above groups where the certificate 
was registered for every apparatusthe contents server 3 will perform processing 
shown in the flow chart of drawing 38 . 

[0212]F : irstin Step S281CPU21 of the contents server 3 performs processing 
which verifies the certificate which belongs to the group among the certificates 
memorized by the storage parts store 28. 

[0213]This verification processing is performed by following EKB using a tag based 
on leaf ID contained in the certificate of each apparatusas explained with 
reference to drawing 29 and drawing 30 . EKB is distributed also to the contents 
server 3 from the license server 4. The certificate [ RIBOKU / certificate / this 
verification processing ] is excepted. 

[0214]In Step S282CPU21 of the contents server 3 chooses the validated 
certificate as a result of the verification processing of Step S281. And in Step 
S283CPU21 enciphers a contents key by each public key of the certificate of each 
apparatus selected by processing of Step S282. In Step S284CPU21 transmits 
with contents the contents key enciphered by processing of Step S283 to each 
apparatus of the target group. 

[0215]Supposing RIBOKU [ the certificate C14 ] among the groups 1 by whom it is 
shown to drawing 37 it will be processing of Step S283 and encryption data as 
shown in drawing 39 will be generatedfor example. 

[0216]That isthe contents key Kc is enciphered by public key K p11 of the 
certificate C1 1 public key K P12 of the certificate C12or public key K P13 of the 
certificate C13 in the example of drawing 39 . 

[0217]Corresponding to processing as shown in drawing 38 of the contents server 
3the apparatus (client) of each group who receives offer of contents performs 
processing shown in the flow chart of drawing 40 . 

[0218]Firstin Step S291CPU21 of the client 1 receives the contents which the 
contents server 3 has transmitted by processing of Step S284 of drawing 38 with 
a contents key. Contents are enciphered by the contents key Kcand the contents 
key is enciphered by the public key which each apparatus holds as mentioned 
above ( drawing 39 ). 

[0219]Thenin Step S292CPU21 decodes and acquires the contents key addressed 
to it with its own secret key. [ who received by processing of Step S291 ] And 
decoding processing of contents is performed using the acquired contents key. 
[0220]For exampleusing its own [ corresponding to public key K P11 ] secret keythe 
apparatus corresponding to the certificate C11 shown in the example of drawing 
39 decodes the code of the contents key Kcand acquires the contents key Kc. 
And contents are further decoded using the contents key Kc. 
[0221]Same processing is performed also in the certificate C12 and the apparatus 
corresponding to C13. Since the contents key Kc enciphered using its own public 



key is rot sent along with contentsthe apparatus of the certificate [ RIBOKU / 
certificate ] C14 cannot decode the contents key Kctherefore cannot decode 
contents using the contents key Kc. 

[0222]Although it was made to perform a grouping above to the contents key 
(namelycontents)it is also possible to perform a grouping to a license key (license). 
[0223]Grouping becomes possiblewithout using a special group key and ICV 
(Integrity CheckValue) mentioned later as mentioned above. This grouping is fit for 
applying to a small-scale group. 

[0224]In this inventiona license is also made possible [ checking outchecking in 
carrying out a moveor copying]. Howeverthese processings are performed based 
on the rule defined by SDMI. 

[0225]Nextwith reference to the flow chart of drawing 41 and drawing 42 check- 
out processing of the license by such a client is explained. 
[0226]Firstprocessing of the client which checks out a license to other clients 
with ref erence to the flow chart of drawing 41 is explained. Firstin Step 
S301CF ) U21 of the client 1 reads the number of times N1 of check-out of the 
license for check-out. Since this number of times of check-out is written in the 
service condition shown in drawing 8 it is read in this service condition. 
[0227]Mextin Step S302CPU21 reads too the number of times N2 of the maximum 
check-out of the license for check-out in the service condition of a license. 
[0228]And in Step S303 CPU21The number of times N1 of check-out read by 
process ing of Step S301 is compared with the number of times N2 of the 
maximum check-out read by processing of Step S302and it is judged whether the 
number of times N1 of check-out is larger than the number of times N2 of the 
maximum check-out. 

[0229]When it judges that the number of times N1 of check-out is smaller than 
the number of times N2 of the maximum check-outprogress to Step S304 and 
CPU21The leaf key of the device (client of a check-out place) of the other party 
is acquired from the device of partner eachand the leaf key is stored in the 
check-out list of storage parts stores 28 corresponding to license ID made 
applicable to check-out now. 

[0230]Mextin Step S305only 1 **************s the value of the number of times 
N1 of check-out of the license in which CPU21 was read by processing of Step 
S301. In Step S306CPU21 calculates ICV based on the message of a license. This 
ICV is later mentioned with reference to drawing 46 thru/or drawing 50 . It 
becomes possible to prevent the alteration of a license using ICV. 
[0231]NextCPU21 enciphers using its own public keyand makes ICV calculated by 
the license for check-outand processing of Step S306 output and copy to the 
device of the other party with EKB and a certificate in Step S307. CPU21 makes 
ICV calculated by processing of Step S306 remember it to be a leaf key of an 
opposite party device in the check list of the storage parts store 28 in Step S308 
corresponding to license ID. 

[0232]In Step S303when judged with the number of times N1 of check-out not 
being smaller than the number of times N2 of the maximum check-out (for 



exampleequaOsince check-out is performedonly the number of times already 
permitted cannot check out any more. Thenit progresses to Step S309 and CPU21 
performs error handling. That ischeck-out processing will be performed in this 
case. 

[0233]Nextwith reference to the flow chart of drawing 42 check-out processing of 
drawing 41 explains processing of the client which receives check-out of a license. 
[0234]Firstin Step S321its own leaf key is transmitted to an opposite party device 
(client 1 which checks out a license). This leaf key is memorized by the client of 
the other party in Step S304 corresponding to license ID. 

[0235]Nextin Step S322CPU21 receives thiswhen the license and ICV which were 
enciphered from the client 1 of the other party have been transmitted with EKB 
and a certificate. That isthis licenselCVEKBand a certificate are transmitted from 
the device of the other party by processing of Step S307 of drawing 41 . 
[0236]CPU21 makes the storage parts store 28 memorize the license received by 
processing of Step S322ICVEKBand a certificate in Step S323. 
[0237]The client 1 which received check-out of the license as mentioned above 
performs processing shown in the flow chart of drawing 43 when using the license 
which rsceived check-out and reproducing predetermined contents. 
[0238]That isin Step S341CPU21 of the client 1 calculates first ICV of the 
contents as which reproduction was specified by the user via the input part 26. 
And CF U21 makes ICV which is memorized by the storage parts store 28 and 
which is enciphered decode in Step S342 based on the public key contained in the 
certificate. 

[0239]Nextin Step S343it is judged whether ICV calculated now by processing of 
Step S341 and ICV of CPU21 which was read by processing of Step S342 and 
decoded correspond. The license will be altered when both are in agreement. 
Thenit progresses to Step S344 and CPU21 performs processing which 
reproduces corresponding contents. 

[0240]C)n the other handin Step S343when judged with two ICV(s) not being in 
agreementa license has a possibility that it may be altered. For this reasonit 
progresses to Step S345 and CPU21 performs error handling. That isat this 
timecoritents can be reproduced using that license. 

[0241]Nextprocessing of the client which receives check-in of the license once 
checked out to other clients as mentioned above is explained with reference to 
the flow chart of drawing 44 . 

[0242]Firstin Step S361CPU21 acquires the leaf key of the device (client 1 which 
returns a license (check-in)) of the other partyand ID of the license for check-in. 
Nextin Step S362CPU21 judges whether the license for [ which was acquired at 
Step S361 ] check-in is a license which he checked out to the opposite party 
device. This judgment is performed based on ICV memorized by processing of 
Step S308 of drawing 41 a leaf keyand license ID. That iswhen it is judged and 
memorized whether the leaf key acquired at Step S361 and the licenses ID and 
ICV are memorized during the check-out listit is judged with it being the license 
which he checked out. 



[0243]In Step S363a license requires deletion of the license of the device of the 
other partyEKBand a certificate CPU21when he checks out. Based on this 
demandthe device of the other party performs deletion of a licenseEKBand a 
certificate so that it may mention later (Step S383 of drawing 45 ). 
[0244]In Step S364since the once checked-out license has checked in at CPU21 
againonly 1 carries out the decrement of the number of times N1 of check-out of 
the license. 

[0245]In Step S365it is judged whether CPU21 has checked out other licenses to 
the device of the other partyWhen other licenses which he has still checked out 
do not existit progresses to Step S366 and CPU21 deletes the memory in the 
check-out list as check-in subject equipment of the device of the other party. On 
the other handin Step S365since check-in of other licenses may be received when 
judged with other licenses which he has checked out to the device of the other 
party existingprocessing of Step S366 is skipped. 

[0246]In Step S362when it judges that the license made applicable to check-in is 
not a license which he checked out to the opposite party deviceit progresses to 
Step S367 and CPU21 performs error handling. That isin this casesince it will not 
be the license which he has jurisdiction overcheck-in processing is not performed. 
[0247]when a user copies a license unjustlythe value of ICV memorized differs 
from the value of ICV calculated based on the license acquired by processing of 
Step S361 — he can come out and check in. 

[0248] Drawing 45 expresses processing of the client made to check in at the 
license which he has to the client which performs check-in processing of the 
license shown in the flow chart of drawing 44 . 

[0249]In Step S381CPU21 of the client 1 transmits ID of the license a leaf key and 
for check-in to the device (client 1 which performs processing shown in the flow 
chart of drawing 44 ) of the other party. As mentioned abovein Step S361the 
device of the other party acquires this leaf key and license IDand performs 
authenticating processing of the license for check-in in Step S362 based on it. 
[0250]In Step S382CPU21 of the client 1 judges whether deletion of the license 
was required from the device of the other party. Namelywhen a license is a license 
for [just ] check-inas mentioned aboveas for the device of the other 
partydeletion of a licenseEKBand a certificate is required by processing of Step 
S363. Thenwhen this demand is receivedit progresses to Step S383 and CPU21 
deletes a licenseEKBand a certificate. That issince this client 1 will be in the state 
where that license cannot be used henceforth and DEKURI mend of the number of 
times N1 of check-out is carried out only for 1 by processing of Step S364 of 
drawing 44 it means that check-in was completed by this. 

[0251]In Step S382when judged with deletion of a license not being demanded 
from the device of the other partyit progresses to Step S384 and error handling is 
performed. That ischeck-in will not be possible for the reasons of the values of 
ICV differing in this case. 

[0252]Although check-in and check-out were explained aboveit is possible 
similarly in a license a copy or for it to be made to carry out a move. 



[0253]Nlextin order to prevent the alteration of a license (contents are also the 
same)the integrity check value (ICV) of a license is generatedand it matches with 
a licenseand calculation of ICV explains the processing constitution which judges 
the existence of a license alteration. 

[0254]The integrity check value (ICV) of a license is calculatedfor example using 
the hash function to a licenseand is calculated by ICV=hash (KicvLI L2...). Kiev is 
an ICV generation key. L1 and L2 are the information on a licenseand the message 
authenticator (MAC:Message authentication Code) of the critical information of a 
license is used. 

[0255]The example of MAC value generation using DES cipher-processing 
composition is shown in drawing 46 . (dividing the target message per 8 bytesas 
shown in the composition of drawing 46 — the divided message is hereafter set 
to) M1M2...MN — exclusive OR of initial value (IV) and M1 is first carried out by 
operation part 24-1 A (the result is set to 11). NextM is put into DES encryption 
section 24-1 Band it enciphers using a key (hereafter referred to as K1) (an output 
is set to E1). Continuouslyexclusive OR of E1 and M2 is carried out by operation 
part 24-2Athe output 12 is put in to DES encryption section 24-2Band it enciphers 
using the key K1 (output E2). Hereafterthis is repeated and encryption processing 
is performed to all the messages. EN which came out at the last serves as a 
message authenticator (MAC (Message Authentication Code)) from DES 
encryption section 24-NB. 

[0256]The integrity check value (ICV) of a license is generated by the MAC value 
and ICV generation key of such a license with the application of a hash function. 
For exampleif it will be guaranteed that there is no alteration in a license if ICV 
generated to the license generate time is compared with ICV newly generated 
based on the license and the same ICV is obtainedand ICV(s) differit will be judged 
with there having been an alteration. 

[0257]Nextthe composition which sends Kiev which is an integrity check value 
(ICV) generation key of a license by above-mentioned validation key blocks is 
explained. That isit is the example used as the integrity check value (ICV) 
generation key of a license of the encryption message data based on EKB. 
[0258]When a license common to two or more devices is sent to drawing 47 and 
drawing; 48 the example of composition which distributes the integrity check value 
generation key Kiev for verifying the existence of an alteration of those licenses 
by validation key blocks (EKB) is shown. Drawing 47 shows the example which 
distributes the check value generation key Kiev which can be decoded to the 
devices; 012and 3and drawing 48 shows the example which carries out RIBOKU 
(exclusion) of the devices 01and 2 and the device 3 in threeand distributes the 
check value generation key Kiev which can be decoded only to the devices 01 and 
2. 

[0259]In the example of drawing 47 by updating node key K(t)00 with the data Enc 
(K (t) OOKicv) which enciphered the check value generation key Kiev, a device — 
zero — one — two — three — setting — each — having — a node key — a leaf 
key — using — updating — having had — a node key — K — ( — t — ) — 00 — 



decoding — being possible — validation — key blocks (EKB) — generating — 
distributing . As shown in the right-hand side of drawing 47f irst each device by 
processing EKB (decoding)updating — having had — a node key — K — ( — t — ) 
— 00 — acquiring — next — having acquired — a node key — K — ( — t — ) — 
00 — using — enciphering — having had — a check — a value — generation — a 
key — Enc (K (t) OOKicv) — decoding — a check — a value — generation — a 
key — Kiev — obtaining — things — being possible — becoming . 
[0260]the other devices 456and 7 ... by the node key and leaf key which self holds 
even if it receives the same validation key blocks (EKB). Since node key K(t)00 
which processed EKB and were updated are unacquirablea check value generation 
key can be safely sent only to a just device. 

[0261]On the other handthe example of drawing 48 noting that RIBOKU (exclusion) 
of the device 3 is carried out by disclosure of the key in the group enclosed with 
the dotted-line frame of drawing 12 for examplelt is other groups' Membai.e.the 
example which only received without the devices 01 and 2and generated and 
distributed the validation key blocks (EKB) which can be decoded. The data Enc (K 
(t) OOKicv) which enciphered the check value generation key (Kiev) as the 
validation key blocks (EKB) shown in drawing 48 by the node key (K (t) 00) is 
distributed. 

[0262]The decoding procedure is shown in the right-hand side of drawing 48 . The 
devices 01 and 2 acquire an updating node key (K (t) 00) from the received 
validation key blocks first by the decoding processing using the leaf key or node 
key which self holds. Nextthe check value generation key Kiev is acquired by 
decoding by K(t)00. 

[0263]the devices 45and 6 of other groups who show drawing 12 — even if ... 
receives this same data (EKB)it cannot acquire an updating node key (K (t) 00) 
using the leaf key and node key which self holds. Also in the device [ RIBOKU / 
device / similarly ] 3by the leaf key and node key which self holdsan updating node 
key (K (t) 00) cannot be acquiredbut only the device which has a just right 
becomes possible [ decoding and using a check value generation key ]. 
[0264]" r husif delivery of the check value generation key using EKB is useddata 
volume will be lessened and only a just right holder will become possible 
[ distributing the check value generation key whose decoding was enabled ] safely. 
[0265]The illegal copy of EKB and an encryption license can be eliminated by using 
the integrity check value (ICV) of such a license. For exampleas shown in drawing 
49 Athere are the media 1 which stored the license L1 and the license L2 with the 
validation key blocks (EKB) which can acquire each license keyand the case where 
this is copied to the media 2 as it was is assumed. The copy of EKB and an 
encryption license will be possible and this can be used with the device which can 
decode EKB. 

[0266]Ii the example shown in drawing 49 Bit has composition which matches with 
the license justly stored in each mediaand stores an integrity check value (ICV 
(L1L2)). (ICV (L1L2)) shows ICV=hash (KicvL1L2) which is an integrity check value 
of the license calculated by using a hash function for the license L1 and the 



license L2. In the composition of drawing 49 Bthe license 1 and the license 2 are 
justly stored in the media land the integrity check value (ICV (L1L2)) generated 
based on the license L1 and the license L2 is stored in them. The license 1 is 
justly stored in the media 2and the integrity check value (ICV (L1)) generated 
based on the license L1 is stored in them. 

[0267]Supposing it copies {EKB and the license 2} which were stored in the media 
1 to the media 2 in this compositionby the media 2. If a license check value is 
newly generatedlCV (L1 L2) will be generated andunlike Kiev (L1) stored in the 
media 2it will become clear that storing of the new license by an alteration or the 
unjust copy of a license was performed. In the device which reproduces mediaan 
ICV check is performed to the front step of regeneration stepsand coincidence of 
the generation ICV and the storing ICV is distinguishedand when not in 
agreements becomes possible to prevent reproduction of a license of an illegal 
copy by having composition which does not perform reproduction. 
[0268]In order to improve safetyit is good also as composition generated based on 
the data which rewrote the integrity check value (ICV) of the license and includes 
a counter. That isit has composition calculated by ICV=hash 

(Kicvccunter+1 L1 L2...). Hereone counter (counter+1) per rewriting of ICV is set up 
as a value to **************. A counter value needs to have composition stored 
in a secure memory. 

[0269]In the composition which cannot store the integrity check value (ICV) of a 
license in the same media as a licenseit is good also as composition which stores 
the integrity check value (ICV) of a license on media with an another license. 
[0270]F : or examplewhen a license is stored in the media by which anti-copying 
policiessuch as the ReadOnly media and the usual MOare not takenlf an integrity 
check value (ICV) is stored in the same mediarewriting of ICV may be made by the 
inaccurate userand there is a possibility that the safety of ICV cannot be 
maintained. In such a caseby storing ICV in the safe media on a host machineand 
having composition which uses ICV for copy control (for examplecheck-in/check- 
outmove) of a licenseSafe management of ICV and the alteration check of a 
license are attained. 

[0271]This example of composition is shown in drawing 50 . The license 1 thru/or 
the license 3 are stored in the media 2201 from which anti-copying policiessuch as 
the ReadOnly media and the usual MOare not taken in drawing 50 It is the example 
which stored the integrity check value (ICV) about these licenses in the safe 
media 2202 on the host machine with which it is not permitted that a user 
accesses freelyand prevented rewriting of the inaccurate integrity check value 
(ICV) by a user. If the device which equipped with the media 2201for example has 
PC which is a host machineand composition which performs the check of ICV in a 
server and judges reproductive propriety as such composition when it performs 
reproduction of the media 2201 Reproduction of an unjust copy license or an 
alteration license can be prevented. 

[0272]The client to which this invention is applied can be used as PDA (Personal 
Digital Assistants)a portable telephonea game terminal machineetc. in addition to 



what is called a personal computer. 

[0273]The computer by which the program which constitutes the software is 
included in hardware for exclusive use when performing a series of processings by 
softwareOr it is installed in the personal computer etc. which can perform various 
kinds of functionsfor exampleare general-purposeetc. from a network or a 
recording medium by installing various kinds of programs. 

[0274] As shown in drawing 2t his recording medium is distributed apart from a 
device main frame in order to provide a user with a program. The magnetic disk 41 
(a floppy disk is included) with which the program is recordedthe optical disc 42 
(CD-ROM (Compact Disk - ReadOnly Memory).) . DVD (Digital Versatile Disk) is 
include d. It is not only constituted by the package media which consist of the 
magneto-optical disc 43 (MD (Mini-Disk) is included) or the semiconductor 
memory 44butlt comprises ROM22 with which a user is provided in the state 
where it was beforehand included in the device main frame and on which the 
program is recordeda hard disk contained in the storage parts store 28etc. 
[0275]ln this specificationeven if the processing serially performed in accordance 
with ar order that the step which describes the program recorded on a recording 
medium was indicated is not of course necessarily processed seriallyit also 
includes a parallel target or the processing performed individually. 
[0276]In order for the program which performs processing relevant to security to 
prevent analyzing the processingit is desirable to encipher the program itself. For 
examplethe processing which performs cipher processing etc. can constitute the 
program as a tamper resistant module. 

[0277]Since the license which carries out the utilization permission of the 
contents is specifiedthe information indicated to the header of contents may not 
be li cense ID which identifies a license uniquely. It is the information as which 
license ID specifies a license required for use of contents in the above-mentioned 
examplea certain license is the information which specifies the contents which 
permit jseand it is the information which discriminates the license demanded by a 
license request from the client 1. The list of the various attribution information 
about the contents of contents is indicated to contentsand it may be made to 
indicate the conditional expression of the contents a utilization permission is 
carried out to a license by the license of. In this casethe attribution information 
included in contents is information which specifies the license to which use of 
those contents is permittedThe license is the information which specifies the 
contents which permit useand the conditional expression contained in a license 
serves as information from which license ID discriminates a license uniquely. When 
it does in this wayit becomes possible to match two or more licenses with one 
contentsand a license can be published flexibly. 

[0278]In this specificationa system expresses the whole device constituted by two 

or more devices. 

[0279] 

[Effect of the Invention]According to the information processor of this invention 
and a methoda license serverand the programlike the above. It enables it to 



distribute the enciphered data freelyand by having enabled it to use contents by 
acquiring a license separatelywithout barring circulation of contentscopyright can 
be protected and a suitable usage fee can be collected. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a block diagram showing the composition of the contents providing 
system which applied this invention. 

[Drawing 2] It is a block diagram showing the composition of the client of drawing 1 . 
[Drawing 3] It is a flow chart explaining the download processing of the contents of 
the client of drawing 1 . 

[Drawing 4] It is a flow chart explaining contents offer processing of the contents 
server of drawing 1 . 

[Drawing 5] It is a figure showing the example of the format in Step S26 of drawing 
4. 

[Drawing 6] It is a flow chart explaining contents playback processing of the client 
of drawing 1 . 

[Drawing 7] It is a flow chart explaining the details of the license acquisition 
processing of Step S43 of drawing 6 . 

[Drawing 8] It is a figure showing the composition of a license. 

[Drawirg 9] It is a flow chart explaining processing of license offer of the license 

server of drawing 1 . 

[Drawirg 10] It is a flow chart explaining the details of the license update process 
in Step S45 of drawing 6 . 

[Drawirg 1 1] It is a flow chart explaining the license update process of the license 
server of drawing 1 . 

[Drawirg 12] It is a figure explaining the composition of a key. 
[Drawing 13] It is a figure explaining a category node. 

[Drawirg 14] It is a figure showing the example of correspondence of a node and a 
device. 

[Drawirg 15] It is a figure explaining the composition of validation key blocks. 

[Drawirg 16] It is a figure explaining use of validation key blocks. 

[Drawirg 17] It is a figure showing the example of a format of validation key blocks. 

[Drawirg 18] It is a figure explaining the composition of the tag of validation key 

blocks. 

[Drawirg 19] It is a figure explaining the decoding processing of the contents using 
DNK. 

[Drawirg 20] It is a figure showing the example of validation key blocks. 
[Drawirg 21] It is a figure explaining the assignment to one device of two or more 
contents. 

[Drawirg 22] It is a figure explaining the category of a license. 
[Drawir g 23] It is a flow chart explaining ripping processing of a client. 



[Drawing 24] It is a figure explaining the composition of a watermark. 
[Drawing 25] It is a figure showing the example of a format of contents. 
[Drawing 26] It is a figure showing the example of a public key certification. 
[Drawing 27] It is a figure explaining distribution of contents. 

[Drawing 28] It is a flow chart explaining check-out processing of the contents of a 
client. 

[Drawing 29] It is a figure explaining the example which follows the validation key 
blocks by a tag. 

[Drawing 30] It is a figure showing the example of composition of validation key 
blocks. 

[Drawing 31] It is a figure explaining the composition of a mark. 

[Drawing 32] It is a flow chart explaining license acquisition processing of a client. 

[Drawing 33] It is a flow chart explaining license acquisition processing of a license 

server. 

[Drawing 34] It is a figure showing the example of composition of a mark. 
[Drawing 35] It is a flow chart explaining the registration processing of the 
certificate of a client. 

[Drawing 36] It is a flow chart explaining the certificate registration processing of a 
contents server. 

[Drawing 37] It is a figure showing the example of a group's certificate. 
[Drawing 38] It is a flow chart explaining processing of a contents server in case 
the grouping is performed. 

[Drawing 39] It is a figure showing the example of encryption of a contents key. 
[Drawing 40] It is a flow chart explaining processing of the client belonging to a 
group. 

[Drawing 41] It is a flow chart which explains to other clients processing of the 
client which checks out a license. 

[Drawing 42] It is a flow chart explaining processing of the client which receives 
check-out of a license from other clients. 

[Drawing 43] It is a flow chart explaining regeneration of the client which received 
check-out of the license. 

[Drawing 44] It is a flow chart explaining processing of the client which receives 
check-in of a license from other clients. 

[Drawing 45] It is a flow chart which explains to other clients processing of the 

client which checks in at a license. 

[Drawing 46] It is a figure explaining generation of MAC. 

[Drawing 47] It is a flow chart explaining the decoding processing of an ICV 

generation key. 

[Drawing 48] It is a figure explaining other decoding processings of an ICV 
generation key. 

[Drawing 49] It is a figure explaining management of the copy of the license by ICV. 
[Drawing 50] It is a figure explaining management of a license. 
[Description of Notations] 

1-11-2 [ A timer21CPUand 24 / An encryption decoding part25 codec partsand 



26 / An input part27 outputting partsand 28 / A storage parts store and 29 / 
Communications department ] A clientthe 2 Internetand 3 A contents server and 
A license server5 fee-collection serverand 20 
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y AMfstsMEBOfW stttfln 5 -r - t > x i<:*?b« 

tti3»**»te j: y w&stifc^-r-bvxfcHasBv-r * 
>^B**am Lfctt««ra8BK£Br sxx •> 

[000 1] 

[*«!<DJB-*-*atlK«] IfSBfflJIgBfcJ: 

*y^iEtc3tf-*ti» p}m-&tiz><o&V5±?z>c£& 

[0 0 0 2] 

[0003] c^cfcd^^xxAT-ti, mmmat. i 

<D=L-V't>\ *ft*$m?Z>££b^m£%;V. 

iB*»fNfc©f dffl ic^-r ^ p-r + y -f z&imzms 

[0 0 0 4] 

[0005] **wf*c©«fca*tt3ztc«*Ta*ti/fc 

t,£0T-Jfeys a>^yyjB«5FiEtcf(lffli3rti*«>*5|jH«: 
[0 0 0 6] 
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□ vrvyf-^ =i > t 1 v i y x - 2 £«^-r s /-=#> 
iz&mftmmm <b *str n > x v *y £EH-r s n > x > 

&CD zi >x > 'yf^tSfg^Cr^ -< -b > XfcEISir S 5 
-f-bvxEIWSiu ziVxV'y^Uffli^Ri-r^ciA^ 
S ^ -< -b /'X/j^-C * >XE1f#J&lcE1f3-nT^ 

>X^fBtS^ti.T^-5i:W»T*tlfcJI LT3 
> x v >y CO n >• x V x — Si £«^T S t *ffi 

[0007] nms^SiiMttv 5-<-b>x+r- /tic 

^<-t>x»**as«r*>3Mi#«t» ^f-tvx+r- 

/ «fc T SHI ;* tifc 7 -f -b > X £ Sfll * S <b 

VXE«#8Mc EH S *i4 <*: ? icf S C i: So 
[0 0 0 8] □>?>7f-^tt?+Xh7 : -'$', BfK 
x-S, SJSx-*> KjSx-^fcSCHi^-tlSfcffl* 

7>7x-^« B£"T 5 J: ? \z? 

[0 0 0 9] SflHBttEKB (Enabling Key Block) 

x/«xy- h**-eii¥JR«ftiL ym&mtr/u 
xy- K*-Eit #KKEif *ttT^SxM-rxy- K 

*-£flll^TEKB (EnablingKey Block) £*S^5flSU# 

* *a*r * £ 5 icr s c <b s„ 

[0 0 1 0] ^1f$Bl*MlCEKB (Enabling Key Block) 

^ nvxvyx— £i*=i>x> , y*-icJ:yBi^'fb3- 

tlTfcy. t§#fttt7/W7/- K*-E*#«lcE 
li^tlTl^Sx/ WXS- K*-£ffll^TEKB (Enabl in 
g Key Block) SWHHUIStlfcJU- h*-*fflt^ 

T^*nfczi>5 i >"y*-^^TBi^t:?n/c=i> 

[0 0 1 i] ■7-i'-ti>xt*Mlc, -f-cD^-f-bvxie^o 
T fjffl RTtl <b 4 S □ > x > >y teffl&tt 
1WB*$t? * 5 lc*S C <t#T*So 

[0012] ^-f -tyxizmz, j Kcom 

M£«fcytt*hfc«?»***ts«fc3icr*c£tf-p 
*s„ 

[0 0 13] flt(H«Ul&|l(i> EK1ff«Ma3£B*N8iJ 
•TS4S*!«SiJtffB*fB«-rsasB*liSiJ1f$SIB1t#S:*«i 

WjHWJflmiBimiKIB 
«**iT^*4K*«giJflHB*d*s «fc U §ff 

stifc^-r-trvxttwc* wstawsuita**^ 



*IB«#«lclBtt*nT^«*5l5«8iJfll«t*]tKL, 

x > «y ©f us sit-* s ^ -r -b > x s <b wrr s 
[ooi4] *aw<o««iaa^t*s nv^vy^fij 

fflfF Rjf S 5 -f -b > X S fc46<7) 5 -f -tr vxtts 

1f$B<b* w^bS+ifcavyvvx-**:, 3>fV7 

vy^retrr sxxy:/<fcs fijfflfFpj^nsrivxV'y 
*w j£f s fc 46 © 3 > x > -y n jsita«*<s ? -r -tr > x 

SEtrrsXx-y:/^ □ >x>\y£*iJfl§l ! FprrSc:<t 
57^*>Ztf7^ -b >XfB1t#IStc|B«* tlT 

us^§6^«^-rsxx-y yt, rm/fmz «fc y ^-r 

zivxvycDavxy^x-^^^-rsxx'vyi^ 

[0 0 15] *«^©^P^Att, 3Vf>y^I 

«Fpr-r*5'C-b>x«ifs-r«fe»<D : 5-r-fevx^3tii 
Ifitv Bg^bS-tifcnvxvyx-^is nv^vyx 

ysESf'SXfy^, ^jfflfFHi-nsavxvy^ 
w s >x vywjEft «**<J5 •< -b vx^ 

r*s^-r-b>x6^-f-bvxEit#©icEtt^nT^ 

[0 0 16] ^n^L^Wi^a-ajBWfbSti 
[0017] *^<D5<-fe>'X+*— WRr^ns 
*«wKsa*«»j , r*«i5iE«9JiittB*^<j5'r-bvx* 

E«r*7-r-bvxE*#«i» HHBOOItB^eiiMI 

ftvft. 7-f-t>x*«g'j-rs^-f-t>xaK'Jii!S^ 
fe5-r-b>^»**5Mir*5Mi*«t» -7-<-b>xg 

«t=j:ytta*nfc7^-fevxic4ii5KK8!)it«*«iinr 
s«m^i8<bs ^-f-bvx+f— K©iMMi*ffl^T» 5a 
s#sic j: y «K3t«Mgijiffs«f«f jM^r nfc 5 -r -b vx icm 
?»**wnnr*«*#«is y»«*n 

/c7 -f -b >X*5 -T-b >XS3c*2Hi LfctSlfiSaS^B 
tcJUfa-r S JM«#S<b ^«^.S CI «b *1f Wit ? So 

[ooi8] *^B^^w$gs£is7j>£«x mmifrfsi*n% 

-C -b >x *«syrs ^ f -b >xat9J1»« *§t>5 -f -b > 

xs^§fi-rsxx>y^<bv 5-r-bvxB#u:£**i 



(5) 



If N 2002-359616 



£> 5 -f -fe > XHSUlf fBle fcfJST 5 5 << -b > X £ 5 -f -tr > 
XfBIS^SA^ttffi-r^Xx-yyi:, ttt±J#Slc<i: yj* 

U 4S*HSiJ1f ffi £tt AD -b>Xl«: £tt 

[0019] *%wv>ft®® ! mmm. rnmsm^m. tt 

lf\z7nV5h?l& 7-f-feVXSfiUfLTt^Ci:* 
[0 0 2 0] *:*W©5'fH2>X'9— A', tttflClMMQ 

[002 1 ] 

2tCli, ^7-T7>h1-1, 1-2 (JXT, £tli><D 

h2Kli, fflt©fc«©*^7 , Vhtf»8Mr 
[0 0 2 2] f!/i, -fV*-*V h2|Ctt, ^v-TT'V 

■T?.7-1'4z>X+f-A , 4, j5J:t>''?-7-<7 7 >h 1 

[0023] cns^zivxV'y+f-As, ^-r-trvx 

+r- A4, JJ«t:tfi!llft-9— A5<fc, ffitO^Hfc 
[0 0 2 4] @2ti?^-f"7'>M ©«lfiS£«LZV 

So 

[0 0 2 5] E^lCfcl/'T, CPU (Central Processing 
Unit) 2 1 it. ROM (Read Only Memory) 2 2lc!B1t* 
h7l x 57P^5/», 3=fdiiB1fg|S2 8frSRAM (Rando 
m Access Memory) 2 31CP- KJtlfc^n^AtC^ 
oT*«©«3**f7*-*. *-T^2 0li, trB5lb{f« 

if«1t«*CPU2 1 ICAHST*. RAM2 3 lCti$ 
fc, CPU 2 1 tf&«©Jjyi££fTT3±tc33l'>T&S£ 

[0 0 2 6] BB^fb«^SP2 4ti, ZIV^V^x-^^ 
BW^bT * 1 <b fete, BEfCBg^bStlTt^ZI >f>7 

X.ti', ATRAC (Adaptive Transform Acoustic Coding) 

-<>^7i-73 2^u oizmwrzftT 



Sfc. 3— rv^S^ 5ti, K^-<73 0*ftLZ¥m 

[0 0 2 7] *NW*/^y4 4(is filjjitf, ^'JXt 1 

[0 0 2 8] CPU 2 1 , R0M2 2, RAM 2 3, Bfi-^-fbfc^ 
952 4, &&TSzi-7 : vt$!>2 5(t /U3 1 %ftLT 

[0 0 2 9] AtiJ7J'l'>'S'7i-X3 2Kti, 
H\ ■?'73.&<tfJ:t)&£A7DgP2 6. CRT, LCD&ifcty 

2 7, / \- K5V «fc »J ttSf Bit ffi 2 8 , 

[0 0 3 0] AHtf7J-f>*:7i-X3 2mti£fc, #g 
(CffiCT K5-r7 3 OtfflNR&fU 68^x^7.-74 1, 
^f-f^42, ft&2SixVX?4 3, saMi^Wtt* 

tu 4 4a£:flHM:e»ffn» *ft6^sw*ni*nyt 
□>tfa— zynv^At*. !&sicjsl:tsB11SP2 sic 

[0 03 1] 0^tt«BSr**\ :>7>'W- 

/<3, 5-<-b>X-y— /S'4, Si^-y— /^S'fes EI2tC^ 

tfa-*tcd:y«WiSti*. ^-CT% WTfflWWtcfi^ 

So 

[0 0 3 2] 883070-^ + - h*#B8LT» 

[0 0 3 3] 3-—fb\ A7DSI3 2 6*j*fF-TSiI<bT'=l 

>x> , y+t-/\"3ic»-rs7'7-trx^^-rsi:, cpu 

2 1 It. Xt77"S 1 iCfct^T, i8ffiBP2 9*MWU 
•f h 2^LT3>7 1 > , y-y-/<3lC7''7-fe 

X?-yS„ Xx-yyS2(Cfe^T, A7DgP2 

CPU2 1(i, EflDMj£1IHB*SttlXy» jlflg|5 2 9 6^ 

8, -rv^-^-v h 2^LTPVx> , yy-/^3ic 
> y v-j 1 3 «^ ag^fbs-nfe 3>7/y?-? fc&ffi 

LT<SOT\ 7vT77S 31CJ3^T, CPU 2 Hi, j§ 
fia?2 9^^LT, E ©=1 >x x- ^ ^§fir i. 
<b, Xxy'7'S4lciJ^T, *<DB6W£tlTVZ3> 
xv > yx-^*iBltgP2 8*«fi£-rs/\- Kx-rx^ic 
4W»U EH***. 
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[0 0 3 4] mA-Oyu-?*- h^#,^LTx 

[0 0 3 5] 7.T77S2 1 KfcUTs av^wi*— 
M'30XPU2 1 (is -f h 2#6jI1Sg|52 9=& 

1*$B(is ^7>Mi\ EIS^X^^^S 2tc33l/> 

[0 0 3 6] X'r-yyS 2 3U:fcV>T* UVxV'y+T- 
/\'3cocpu2 i li, §B1fgB2 8Kf3tf snzvsriVT 1 

n/fctiiwwi*:*tifcav^vy*Biwiir. cpu2 1 

lis Xx'^S 2 4(Cfc^Ts Se«8B2 8#Sffi*tb* 

[0037] K.H8P2 stcfBlf Sft-sTi^Sav^vvyT 1 ' 

3-T'y^»2 5tCcfct) s KlCATRAC3 73jtlC 
<fcyi>3-K;2r*l7VS<J!>T?, KJ^T 

[0 0 3 8] E«gP2 8lC*46fl»fb 

S„ CWWfclCtts ^xf^SIAflMaSttflflWfcC 
<b^prS6T*«o 
[0 0 3 9] 3fclC s X77 7S2 5fcfeU»T» 3>x> 
\7+r-/.3c7)CFU2 1 (is Bg^bLfca^xVyx-r > 

sear* 7 a—?* h««figr*^yytc» ps^fb* 

ftT^*3Vx>y**#**©lCi»fc*-11MI (El 
5*#!HLT«iar*EKB4:KEKBC (Kc) ) <bx 
y«*iJfflr*flDJCi8aia:5'f-bVX*MBijr*/i:i605 
•<-trVXID*WlJP-r*o -?-L.Ts Xf77S 2 6(cfcl^ 
Tv =l>7 : > , ;/+f-M - 3<DCPU2 It*. Xf77S24 

©saa-pflHFkLfcav^vyis xx'yys 2 scorn 

a?*- 1 -fe vx 1 o*Win LfCVy # t&7 *- V 
■y MbUfcT 5 -*** iI1i352 9frSs ■r>*-**y h 
2^^-LTv ^•feXLT^/c'^-fT'Vh 1 (CJMIl*- 

So 

[0040] 05ti. cWcfc-picLTv av-rvv+r- 
CCO?*-^ His /vy$r (Header) 

(Data) ticfcyawwrti*. 

[004 1] 'Vy$fl«:(4, aVxV'ytfIS (Content in 
formation) s e-'v^/l/fSfrlBStSSfi (DRM (Digital Ri 
ght Management) information ) s ^'f-trVXID (Lie 
ense ID) „ .f*-7U yy*-?u y ? (*SMb+- 



-7) (EKB (EnablingKey Block) ) fcdxU\ EKB 
frS^*nfc*-KEKBC*fflt x TBf^b*nfc=i:/7 1 
V^^r-KciLTOx— S-KEKBC (Kc) jtflEH*tlTU» 

So 

[0 0 4 2] z\>T>Vffimcl,*. T—5i£LZ7*- 

^•y r-ib*nr^S3>7 ; > , y7 : -'S'^sasij-rsfc46cr; 

OflMfflikLTOaVxV'yiD (CID) » ^(7)zi>x> 

[0043] ^^JMtHmiMllctt. av^vy* 
ffiffl-TS^Ufccfc^ttSI (Usage rules/status) is UR 
L (Uniform Resource Locator) 6' t @BSi*'tlTL N So 15 
ffl«B'J35<fctftt!iSlcH:x fl]*(i's □V^>y<0B4lH] 

[0 0 4 4] URL(is 5-<-t!VXIDT*l^?nS5-f-tr 
>X£SW#-r S i*7'-7-bX-r ST 7 K UXlfSBT-ifc y s 

^-f-tr>XIDtis t 1 '— ^LTlBiiStiT^SaVxV 
©T-feSo 

[0 0 4 5] x-^tis ffit©»«>H»fl;7Py* (En 
cryption Block) (C<fcyiifiK;!r*lS. MHHb^ny* 
(is -<-->-v;l/^-> H/U (IV (Initial Vector) ) > -> 
— K (Seed) » SWaVfVyf- *£*-K' cTBf 
^1bLfc7 l -'SfEK'c(data) lC&.vmflLi£ttZ^Z>o 

[0 0 4 6] *-K'c(i* ^5ClCsky^*tlSsfe3lCs 

nMlfclciSffl LT5SSI*tlfcfillC«fcy*fiR*tlS. 

[0 0 4 7] K'c=Hash(Kc, Seed) 

[0 0 4 8] + ; 1/^-7 MUV<t->- KSeedlis £ 
BWfb^n -v ^SicS^SIIlciS^* nSo 

[0 0 4 9] dcDBi^-fblis □7f770f-^58/i: 
-f hJHffiTE»LT» 8/U KSlCfftotlSo &iSc7)8 
h©B§^-1blis ffjIScDS/W h<DBg^fb<3Dje**iPJ 
ELTfrtoftSCBC (Cipher Block Chaining) KT' 
fffetlSo 

[0 0 5 0] CBCt- FtDlf-B-s S^CD8/ W \-<D=l> 

Jf^Bi^lb-rsi^tis -<-$/+;u^ h;nv 

[005 1] C©CB«-FtcJ:*nHWb*ff3Ci: 
T\ 1 ocT)Pi^b^P'y<7^ftPB!*nfccbLT i t.s 

flfiOBHWb^P y ^7lcJj «t-Kc «b*WJ?n 

So 

[0 0 5 2] ^J5s CCW^btCOUTttx EI4 6^# 

^iclts «tci¥a?-rSo 

[0 0 5 3] $fcs B»*i«C"3^Tt*CtHclH6* 
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[0 0 5 4] JK±©«fc3l=LT* ^7<7>h1li, □ 
[0 0 5 5] l.frL&#<=K S^^-f T'V V 1 (is Btfi 

[0 0 5 6] 7T7 7S4 1(CfcV^ ^-TT'VM 
©CPU 2 1 li. :i-+f^A^Jg|3 2 6^ffr^C<!:T-fg 

^Lfczivxy'yaiisijifSB (cm) =&sw#r£ 0 

[0 0 5 7] ?LT, CPU2 1li, P >T>Vm$7T^ 
tiZt. ^cozjv^vyKttJ^-r^'i'-trvxiD 

^SS«.o COT5-f-feVXlD«:, E15te^?ni>ct;-5lc, 

[0 0 5 8] X7 1 'y^S4 2tCii^ CPU 2 1 

It. 1 T-M^IX5tl/c-7-1'-tr>XIDlcW5£; 

S4 3ic3«^ cpu 2 1 1*. ^-f-nyxmmmm^mn 

c:© : 7i'-b>xis?#sasroi¥*fflti. EI7cdxp- 

[0 0 5 9] 2lCfc^Tv ^-feVXtfeE 

S 4 3 Kfcl^T. VXIS^SaSA^TS-tl/i^ 
^ ^•feVXtflX^ftfcJi^ 7.7 ; 'y7S4 4tc5i 
CPU 2 1 it. WmZtlT^Z^f^sXlttitomR 

iZ£VimZnZ^%mi±B#£tk%l?%Z.tT-WWZ 
*tlfc»^ CPU 2 1 li x Xx7 7S 4 5(Cil^ 

p«Bi±x mi o<£7P-T^-h£#i»sLT&as-r£o 

[0 0 6 0] T.?'yyS4 4lCfclNTv 5-<-te>Xli3: 
yS4 5tCfc^T, 5^>X#MWr**l/ct§^ Xf 

yys4 6izm'h. cpu2i«, mmtznT^z=\> 

T->V=r— 9 S-IEUSP 2 8fr6f^iiJU RAM 2 3 (C+S 
tt*-a-^c ^ LTv XT77S4 7lCSS^T. CPU 2 1 
li, RAM2 StClEilfTttifcBf^byP-y^Wx— 
El 5 cTj^-£ KiEg* tlTOSBg^fb^p y •J'^ffiTx 



a§^b^a52 4{C«$&U =!>7 ; > , y*-Kc^ffllNT 

[006 1] =3>7 i >^*-Kc^#S^£<DftWJW, 
Ell 5€-#?SLT^ai-rSA\ 7/WX/-h*+- (DN 
K) (El 8) fcffll^T* EKB (El 5) (C$$tt3*-K 
EKBC^SC-btfT^ ^(D^-KEKBC^ffi^Tx t- 
iS» KEKBC (Kc) (El 5) frSs PV^vy^-Kc^fS 

[0 0 6 2] CPU2 1li, Xt7 4 8 tCfc 

^Ts B§^{b^352 4lc t ty«^*nfcP>'7 1 > > yT : 
-^^P-x-y^gP2 5tC««§U xP- K3--t±3o * 
LT, P— 7^^952 5 tCJ:t>xP- K?nftf-$ 
CPU2U*. Atii7K>*7i-X 3 2^6*7133 

So 

[0 0 6 3] EI7CT;7P-^^- h^#SSLT, 

El 6 <DX t y 7 S 4 3 T-frfotlS ^ < -fe >XUtf# «yi<D 

[0 0 6 4] •>5--r7 , '> M WtttCv-f-feVX+f- 
/Uc^f«Ci:lCd;»J, DNK (Device Node 

Key). V^-rTybKDmi&M'KMmO^T. 

[0 0 6 5] U-7IDti, ->5-T7'>hSt::#jy^TS 

3EKB (Mmt*—Z?UV<7) lC$$n^Bf^b?tlT 

-K*-T«5 (EI1 2^#^LT^-r«) „ 
[0 0 6 6] WSJlCXT^yS 6 1 K^T, CPU 2 1 

it. L^ias^.bs-nT^s^'r-bvxiDic^-rs 

URL£, EIS^-T'N-y^SWfrSo ±SiL7c<J:5 

>x i Dicttj&t % 5 •< -ti >x^sx?#-r s <t s-T-^-tx-r 

CPU 2 1 it. Xf77S 6 1 T-SMfLfcURUCT 7 ?-!: 
X"T5o RftWtCfi, jifigB2 9lCcfcf ^.-y H 
2 ?^LT7-l't>^-/U lC7"j7-bX*^Tt>n5, 

LTs «A-r^-5-f-b>X (PV^V^^ffl-r^CDtC 

^^5-r-fevx) ^g^-rs^-i'-bvxm^ifss. m 

mca-+fiD«t:/\°X7-KWA7:^5RLT<« 

■rz>m9<Dx : rvys 1 o 2) „ cpu2 1 1*. comx 

StC»^T» A7JSP2 6^J*fFLTs 5-<-tr>X^ 

iff«n. jl— trio. fccfctf/^x^-K^ATD-rSo 

C(7)a-+f iDt/^X^- KW\ ^^^T"y V 1 ©a-+f 
6\ l-2^^LT7-f-b>'X+f-/UlC7' 

[0 0 6 7] CPU 2 1 ti. X77^S 6 3, S6 4(Cfc 
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WJ&&££tAz. a— If IDi/fX?- K£ISty&Cro 
CPU 2 Hi, XrvZfS 6 5K331T, iHia3 2 9£fcl 
iSPL, A7J*t.fca-+flD<!:n°X , 7- K*. ^f-b>X 

*g^««atft)— exf-$ c^arr*) tc^^nsu 

[0 0 6 8] vl'-bVX-y— M'4ti, e]9=&#!!8LT& 
a-r^Jt-pt::. a-+HD<!:/\°X'7- K, Mmc^-f-bV 
X*g£ti$BK*^T5^bVX££fsl,T<£ (Xt 
•>7°S1 0 9) *\ $f;:ti, 3ki<tfty&ttftr^t§-&lz 
ti, 7f-b>X£iM<ILTCft^ Uf '^S 1 1 
2) . 

[0 0 6 9] Xx-y^seeicfciT, CPU 2 1 {J, 7 
-f -fe > X -y— / ' ; 4 6 5 < -b > X tf JMff * n Z * frS 

[0 0 7 0] ZT'fZfS 6 6KJ51^T, ^-f -b^X*^ 
«*tlT3lf5:U'<!:i|fJ^L./-cJi^ CPU 2 1 t*. 7.7^7 
S6 8Kj£*, x^-SQS^H^-r^o UttMKli, CP 
U2 1 li, Z\y : r>^mmt^TcibCO^^-il>Xm§ 

[007 1 ] &.±<0£?lCLT. S'^-l'ZVh Hi, 
zi y > x - $ IcftBS L T ^5 =y -f -b > X I Dtc ttJfc-T 
£5-f-b>X£3tf«LT, ^3VtV7^S 

[0072] mTOi^^^Tjmwmt. 

[0073] ^p^^Ty V i lcjf{&3'ti.3^'f -b>x 
ti, EI8lc^^n?.cfc5lCs U-X 

[0074] ftm&mzit. zo^-r-tyxicm-i^ 
cttfpjtg&^yp-Kjm ^w^-r-fevxics^- 

tt^Pbf-lsHiSO , ^x-y-77 7 ^ hES, S^^i-y^ 
CD-RlClBirr3C<h*T*;5*ifiJ, PD (Portable Devic 

e) iczus-tzzttfejmKmm. ^^^yx^pm 

[0 0 7 5] EI9<7)7P-^^-h^#MLT, 
E17c7)'5'^-r7> f- 1 O^'T-feVXIX^jaiS^WtSLT 

nnztiz -< -b >x+j— a 4 cd^ -< -t >xa«sasic 
^-r^v r- 1 commit. ^<-b>x+»— /uohs^ l 
[0076] xt7?s 1 o 1 teaser, ^-r-bvx+f 



-A4<dcpu2 Hi, v^-tyyb 1 cfcyT^-bx^g 
tt«$Ti#«ILs T^-bXfcgW-fcfc*, 7f'>7S1 
0 2Kii*, 7 7 -j7-trXLT#fc-577f T'Vr- HC^L 
T, a—tflDir/fx^-K, MlflCv 5^-bVXjg^tf 
fB©^I€-^-r«o ±£ELfcJ:5U:L.T, ^t'T'V 
MfrS, E17C0X7 1 'y7 p S 6 5CDSaST\ il— fIDi: 
y-XIDMtfK^-f-bVXfg^tlNS (5f 
-b>XID) #jMfI**iT*/-;:<fc*, 5>f'-b>X+t-M4 
£>CPU2 Hi, iifflg|52 9^LTdtl^§ff L, SXU 

[0 0 7 7] -f-LT, ^-r-feVX-y— A40XPU2 1 
li, Xx77"S 1 0 3K331T, jHISP2 9^51*^ 
-M'5 KT^-feXU a— tflDi/^X^-KtC^-r^ 

— h 2^LT : 5t'4z>X+t-/\"46^e#fi5fl ! S© 

t\ &mz5>**yx<D*tffico*}k^conmtf&%fr& 

vxcDW^^fFS-r^^fiiKm^sfiL, *&i^<o§i*i 
§<if6^si«^tct*, 5i--tr>x^ro/FiiFprOT4<Sise 

[0 0 7 8] Xr7 7S 1 0 4lCfc^T, 5-f-bVX-y- 
-/UOTCPU2 1 te, B^+t- /VS^e^f^^, 

^-r-bvx^^-^-rsiii^i^s-r^ ^t^s ?* 5 6^ 

SA^W^U ^-f4r>XtD«^fFS*nTt^5ti^ 
lct±, Xf'^S 1 0 Sicily XT'y^S 1 0 2CDSQ, 

y tifc ^ -r -t* > xjg^if $Btc«is-r s 5 -r h* 

>X^, 1311^2 8KiS1t?*lTl^5-l'-bVX<D*fr 
6Kyth-To 1311952 8 (C|B1t*tlTl^5-l'-bVX 
ti, $e^U465-f-b>XlD, /i-'Jay. fF^B0§, 
^^PS^(7)11l$B^fBai?nT^^o X7'>7*S 1 0 6 
iCfclNT, CPU 2 1 it, *£>5f-b>xu:§ff Lfc'J- 
7ID^flar^= ?5tC X^ysi 07(CJJIT, 
CPU 2 1 f*, Xf7^S 1 0 5T'IiRftV/i:7Y *>X 

*!>fflic*nTt^ffiffi^ft(c#)5n?ti5c cpu 2 1 
sjn * titctem&ft* =z> << -b > x ictt ua -r s o 

[0 0 7 9] Xr'y^S 1 0 8KJ51T, C P U 2 Hi 

^ -r -b >x+j— y ^isffiatc j:y5--f -bvx izmz u 

C tlic <fc y , El 8 ICS* tl^ cfc 3 ^*Sfi2cD5 -b VXA^ 

[0 0 8 0] ;^tC, Xt7 7"S 1 0 9tCJt^, 5f-bV 
X+^- /UCDCPU2 Hi, ^ro^'T-b^X (E181CS* 

2^LT9^'T7 7 >h 1 immZitZ* 
[0081] x^^ys 1 1 OlCfc^T-T'T-bVX-y-- 
/U0CPU2 1 (i, X^-y^S 1 0 9<DMS?J\ I^^jH 
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f'^S 1 0 2CDSaSTSXtl^SnfcIL-+flD<ty\ 0 7.'7 

?77si 1 1 leasts cpu 2 1 it. m&®.wzn'<j 

r«» Jlttttlctts CPU2 1I& i§fS8P2 9fr5S!&-9- 

ic»r«wftffla*K*r*. /*5i*. cross 
a.— W«afct>«Tt>*»ofc «fc 5 &Jf£lcti, 

[0 0 8 2] tfcfo^ C©»£K:M\ 5* 

T<S©T\ Xfy7S 1 0 4fr67f7ys 1 1 2 IC 
ii*. CPU 2 1 f& i5-$a3£»T-r3 0 jlttttl;: 
M'4£>CPU2 Mt. ii1tg[52 9«*J 

[0 0 8 3] ±a5L/c«fc-5fc, tC0<7^^y 

>h 1 tt7-ft>XSS^5CimSl s «)7, *© 

[0 0 8 4] H1 Otis 06ffl^T77S4 5lCfctt3 
5-f-feVXK«f«a©SMB*«LT^*. HI 0OX5 1 
77S13 1 T^Xt^^S 1 3 5 ©MSI*. El 7 ©7. 

77^561 mxf'^s 6 5(otnmt^mcmm 

OSHIT'S^. fcfc'U Xf'y7S1 3 3Kfc^Ts CP 
U2 1tt» BtA?"*7-f-fe>X?W:fc<» JB*TT*5-f 
-teVXCD^-l'-trVXID^SXtl&tr,, ^LTs Xf'^S 
1 3 5lCfcVT> CPU 2 1 tt, n.-+flDi:/\°X9- K£ 
<tt.tc, M$rr35-r-b>X©5-f-tr>XID£, 

[0 0 8 5] 3 5©jgfB$tt3ldttJE;LT. 

?SLT<£> (HI 1 ©Xx-yX'S 153) „ ?CT\ ? 
5l'7 , > h 1 ©CPU2 1 lis Xt^XS 1 3 6lc£l^ 

U Ctl*Jll73®2 7»cm73U «^*-t+^, 3.-+T 

Lftyn. X77 7"S 1 3 7TCPU2 1 «\ J-X±©<fc 
ft) *J»Ar*/£460*La**5-f-feVA**— /UlC 

(H1 1 OXfy7*S 1 5 4) o fCT, Xfy/S 1 

3 8 leasts f^-try h 1 ©cpu2 m % 

X?WUfr5©ffifll*ft*IMIU X777'S1 3 9 



[0 0 8 6] HI H3\ J-X±ro^v'T7 7 >M ©5f-b 

[0 0 8 7]*H]ttU X777'S15 1lcm, 
■fe>X+r-/\*4©CPU2 1 ti, ?5'f7»>M &*><DT 
?-teX&>gtf&t, X7 7 7'S1 5 2lCfc^T. *5-f 
7 7 > h 1 tf777 7"S 1 3 5TatfflLfc^<-fe>X»je 

[0 0 8 8] X7 7 7"S 1 5 3lC23l/»T, CPU 2 1 

*fjsr*ffiffl*ft a«r-r*ffiffl*ft) raws 2 8 

frSBE&tUU ?5>-<T> h 1 Kafirs 

[0 0 8 9] CflDS^lcWLTs ±2Lfcct:5(C« ?5 
-fTVH frSffiffl&ftWBIAtfH 1 0fl)7777"S 1 
3 7ro5£iST-^ L3i$n«<tx ^7 7 7"S1 5 41C&V 
7\ J 7-f-teyX+r-M'4©CPU2 Itts $U&£nfctt 
fflSSfefFlcm-r*^— ?*^fiELs ^7 7T'S1 5 41C 
fc^Ts ^'fZVhi: HcaSflir*. f^7VH 
liv ±5zELf;:J:-5U\ X777"S1 3 9©5aS7SfIL 

[0 0 9 0] *«Wlt*>fT«, H1 2lC^*n^cfcd 
^'P-F+tXhY^'J^aV (Broadcast En 
cryption) £iG©!ISU:ScJV7\ r7 WXt^-f -fe V 
X©*-*MSI**l*. BJTy 'J * 

*U (leaf) jtMH*©^* X©*-lc 

*fjsr*. hi 2 offlio^ s^o*^es#i 5*? 
[0091] h* *,a3TW*n*y y-«a 

-rafSU*-K0, K16\ 3«BO/-Rc» 
CSLT+-K 0 OTijUK 1 1 g4fifta©/- RC*f 
fSLT*-K0 0 071jM*-K 1 1 1 *>\ *tl^tl»JS 

(7/UX/-K) ICv *-K00 007!jMK 1 1 1 1 

[0 0 9 2] »JMUBt*tlTt , '*fci6s ffllAHfs *- 
KO 0 1 0i:*-0 0 1 1 <D±itL<D*-te, KOOU 
■£tl, *-K 0 0 0£*-K 0 0 1 <D±ffi<D*-tes K 
OOitrnTt^o WTISHtlC, *-K00i*-K0 
iro±feO*-liv K0i:*nx +-K0i:*-Kiro 

[0 0 9 3] □>x> , y^fUffl-T^*-^ STlSOTx 
/WX/-K CJ-7) «±«©/l/-h/-K* 

^5= #^3CD/-K (U-7ID) (CWJS^*7 
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K0011. K001, K0 0, KO, KR£^t;/\°7.© 

[0 0 9 4] *5|B^<D->7.7 1 ^tc33^T«x El 1 3lzm 
S-ft^cfcdlCs EM 2<DHSlcS^T«fiK*nS+- 

JbMT^n-S, Ell 3©#IJTl;iU 8 + 24 + 32i©/- 
Ftfyy-flHl.tS-tu ;U- h/- Kfr5Tffi©8&3: 

^d y <>: tfij*. / * y -r ■> * £©¥£{** ^ 
ijzmmtzm&otiT^'j. xv^/i/j&jM^gfi-rs 

c©*7J'J/-KO??C1 -3©/-KK> =-f-fe> 

[0 0 9 5] -f&fc>-5s £©T->XxA©/- K^'J? 
6lcT©P£JI©2 RcttfS-f £*-lc<J:y, 

: 7-<-tr>'7.* ,i «p&5'n^o c©#j©*!i-£\ ctuc^y* 

224 (jj$n 6^f) ©5<*>X:&St;rr5C<!:tfT# 

So fetCx wtTffly<*>3 imommK&v-. 232 ($5 

4¥;tf) ©a-+f (**l/H4*5'T7'>h 1 ) 

£il£:tf7-$£>= STlft©3 2|8©/-RottfS-t5* 
DNK (Device Node Key) ZmffZU ST&©y- 

7 \Z ttlfcf 3 I DA^'J - 7 1 D i: **l3o 
[0 0 9 6] Sx/KX^-l'-teyX©*-^ 6 4 
(=8 + 24 + 32) !£©£■/- KT-flS/S^tlSKX© 

F<g© 1 OKttJSzTtlSo ftlxtf. UVxV'y^Bf^bL 

n/c/ \°x^s^-r s / - KicWfj-r s *-^^^TBi^ 
ib^nso ±t&©pgji©*-wu *<Dm%:<DTtiL<DV%m 
<z>*—*m^zv%mtzrL, ekb (hi 5=&#silt 

rtlcSBS^n^o STl£©DN Kti, EKB 

AiciiBB&nr. tf-trx^-stcfeastftu a— ? 

<D^7^^(T> h 1 lC4?*.6tl£o f7f7>HI4, 5 

x-^itticia^^nsE k b (eh 5) rtttisai? 

ftTl**lI3fi©±ffi©»Ji©*-*tt#U «^L^# 
fc*-*J!L*T. EKBrtlClBiaa-tlTl^SSlC*© 

[0 0 9 7] Ell 4{C|!WS > yU-«it©*7 1 =J , 'J©»^ 
©JH*ttftftl*w-r. HI 4tcJ3^7\ R6«^U-»jfi 
©»±«tCtt» /U- K+-KR2 3 0 1 AlSfh, J-XT 
©f IHMftlCtt/- K+-2 3 0 2#KJ£**U «T«t= 
fcJu U-7+-2 3 0 3 tfiajE^ti*,, S-xVUXtetil 

[0 0 9 8] »±S6^5MM®a (Ell 3©ffilTtt» M 
= 8) ©ffij£©/-Ktf*7 : :iy/-K2 3 0 4£LT 



xJu©7 s /^^K3e/-Ki*ft*. mMis©io© 
^-©* 7 1 d'u tc^sns w xtcim-r sy - kb j:^ 

[0 0 9 9] 0O;ttf01 4©MMISi©1 0©/-K2 
3 0 Stcttfc^dty [^^'JXf^'^ (SSI) ] ^fg 
JEStV C©/-KJXTlca**/-h\ y-Xte*^ 

"5* 7- K2 3 0 5J-XT6\ /tyXx-f'J''?©*? 1 ^* 

uic^?n«7 :r /Kx©Kisy- k, asjjtfu-?© 

[0 10 0] JSUU M«^siwa»Tffi©«B:*-9-^» 
xdyy-K2 3 0 6<bLTis;rr3c<!:#T-?;5. h 
1 4©^j7t*. a^dy [y^yxT 1 /-K2 

3 0 5©2ST©/~ KU:, ^t^T-f'^SffflL 
LTv [ff£*fflt§] ©/-K2 3 0 6tff85£*:|aTt> 

So sstc +f^rj5 i d-uy-K-c'«ss^*ffls©y 

-K2 3 0 6WTlCs !!£»«»©*?= =T'JlE**ft* 
**WS«MBW*«B©y-K2 3 0 7tfia«*tu * 
Sfc*©T<ftlc» **B£«tttt*WS©»x=ru tc* 

sns [phs] y-F2 3 0 8i, [stums] /- 

F2 3 0 gtffS^ftT^-So 
[0 10 1] f6l;, fc^d'A V7ij 1 r3'Jt* % 9l\ 
-fX©iS3S©^6.-r\ flRtf* 3 =i>xV 

tPf^) 7iS^rSCi:6^pr«g7-SSo 0©rj 

fJ'j/- K*y-i»««y-»-©K3S-r*^-A« 
»xYz*ffl©]iijSiy-KtLTKje-rnwfs p<-»- 
©E3rr*y-A«»x y z it, ^©Mj^y- kwt© 

««^nBt*y» -?-©^x B8^b3>x>*y©E{= «s 

l"»tt#«*-©E«» M*frSaS«-, ^©31^/- K*- 
J-XT©/-K*-x y-7+-lc«fc-3T«fi8*ti**«& 
<b+-^"P->^ (EKB) «£J8LTE«U ULSiy- 

pTSgi^So 

[0 10 2] C©cfc3(Cv 1 o©/- K^Mi LT, 

ifS cillery, sbfJ'J®, SSiM*+f^*xdy 
«©io©mja/-K*wr*p<-*-» 3>x>"y 

y<7 (EKB) *3a§[cft«LT» Mja/-KWTK« 
t5f/ W X lci3ft-r S«fi£^ pJtgi ^ y , DM*/ - K 
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[0103] mtuSs hi 2tc^*ft*yy-«i5fifcfi 

l^T, 1 o©^;l/-^lcf$n54O0f/K^O, 

1, 2, 3l4/-F*-<!:LTftjI©*-K0 0, K 

cttcjcUs n-m<D-3>T->y*—&7 : /wz.o, 1, 

2, 3©Wc*i4rf3c:<t#>Uft&<!:&£ < , fc&jU& ft 

iiic«*r*/- f*-k o o g{*£=i>' t 1 

•<XO, 1, 2, 3©2f6 ,; ft}i©=l>7 1 > , :/*-©iS:£ 
tfRTDBT**. $fc, frft^VrVn-Kcon* 
/-K*-K0 0T*B8^bUH!En c (K0 0, Kc 
on) *y h9— >*^LT**L^*ia»MH*H:tt 
MLTx/^^O, 1, 2, 3 tCiBft-rtlWr, 
0, 1, 2, 3(Dfrt)\ 'Ztl^ftOT'/WXlctS^TU 
F+-K 0 O^l^TBf E n c (KO 
0, Kcon) »T3VfV7*-Kconi£jl5 
CttfRjflBtfc^o Enc (Ka, Kb) teKb 

£ K a K <£ o T PWfb L fc x - 2 735 5 C <b tST = 

[0 10 4] SSP&SUcfclvC, TVKX3© 

m=&-r«»K 001 1,K001,K00,K CKRtflfcSS 
* UvyiJ-) iz 4. »J K«t* tiTSM LtcCt L 
fcJf'&v ->XxA (r/W70, 1, 2, 3 

©^;b-y) TaSSflhSTftSx-***'*/!:*^ xM' 
<X3«->X7 : ix6^WyS|-r^S6 ,; ^?.o ZrCDfc&lc 
(4, /-K*-K001,K00,K0,KR%. 
fftftSK (t) 0 0 1,K (t) 00,K (t) 0,K 

(t) RlcBKU 1, 2fc*©H*r*- 

£e*.*«2*#**o K (t) aaali, gK 

aaaOttft (Generation) t ©M#r*-"T££C 

[0 10 5] Bfr*-©efls*Hot*TtWfJI!r*. *- 
©M#H4, Ell 5Afcwr*«Mk*-^ny^ 

(EKB Enabling Key Block) iPfl^^P'^f 

LTs SBSlSiiBSlKWCttttLTx/WXO. 1. 2 

7P-y* (EKB) 14, EM 2lc^?ti5J:5% , y | J- 

^t*-l^oTM?n«„ #«rfb*-7nv* (E 
KB) 14, *-£«r^n>>^ (KRB : Key Renewal Bl 
ock) iWMCitS?. 
[0 10 6] i1 5A|CStfM*-^P'^ (EK 
B) (4, /-K*-©jE«f©j0»«:7 r /^XO*tfB«f 

3, 01 5A©fiW4, 111 2lc5 i ,-r , > i ;-«S>ic|3©x/^ 
fXO, 1, 2tC3Sl/>T, ttf«t©B«f/-K*-*E 



5o Ell 2 6^6R366 ,, ^:J;-5tc, 7/\VXO, f/WX 
114, MSr/-F*-<bLTK (t) 0 0, K (t) 
0, K (t) RjtfcB*?*y» 7 : '/WX2t4, E«r/- 
F +•—<*: LTK (t) 001, K (t) 0 0, K (t) 
0, K (t) RMSTSS. 

[0 10 7] 01 5 A©E KBlOT^tl^JcdlC E K 
Bfc(**tt©IWfb*-##*ft*. H1 5 A ©jftTK 
©Bg-^fb*-t4, Enc (K0010, K (t) 00 
1) 7353=, Ctlt47 :: M-f'7.2©^0';-7*-K 0 0 
1 OlC«fcoTP»fbSftfcK*nV- K+-K (t) 00 
1T*f, x/\'l'7.2t4, S#©J#O l J-7*-K0 0 
1 OK«fcoTC©B§^b*-£fc*U 
K (t) 00 15««Cim5 o a»(Cj:y 
»fcS«f/-K*-K (t) 00 1^Tv Ell 5 A 
©TfrS2|Ba©B8^fb*-E n c (K (t) 00 1, 

k (t) oo) #a»RiiBifcy, s«t/-k*-k 

(t) 0 0 CttfT^So 

[0 10 8] J-XTHi^, EI1 5 A©±fr6 2|8a©Bg-S§■ 
^b*-Enc (K (t) 0 0, K (t) 0) *m^T2> 
ZLtT\ JEMS— K*— K (t) 0*M#Sn, Ctl^ffl 
HI 5A©±frSl«l©W#fl:*-Enc (K 

(t) 0, K (t) R) K»r/U— h 

*-K (t) RA^fSn^o 

[0 10 9]-*, /-F*- K0 0 0f4M«T-TS>l>f^ 
fc£*ftTa55*\ /-F0, M$T/-F*-<h 
LTi^S^©t4, K (t) 0 0, K (t) 0, K (t) 
RT-S5. y-FO. 1(4, 7/WX+-K0 00O, 
KOOOlSffll^ Ell 5 A<D±frC>3$Sig<D9§mt 
t-Enc (K000, K (t) 0 0) 
TMWr/-F*-K (t) 0 0«TO»U WT«H*, El 
1 5 A©±^6 2|g@©Bi^'fb*-E n c (K (t) 0 
0, K (t) 0) ««§t5Ci?, E«f/-K*-K 

(t) 0£f«, Ell 5 A©±fr51«B©HNM:*-E 
nc (K (t) 0, K (t) R) *a§t*Ci?, M 
«fyb— F+— K (t) R*»*o C©J:dtcLT, 
-<X0, 1, 2t4M#rLfc*-K (t) R 

[0 110] &3b\ E11 5 A©-f >x-y?Xt4, El©fe 
«©Bf^b*-*«*-r*fc»©«#*-£ LTffiflir 

u--7*-©ie*]#*ft*^-r. 
[01 1 1] eii 2tc^-r , >"j-«3i©±teS©y-F 

*-K (t) 0,K (t) RCIHtMIT'S^ /- 
F*- K 0 0 ©*©K*rftra#£»?&3 W£tc& El 
1 5B©«M*-7n'^ (EKB) £ffl^-5£.h 
7\ B«fy-K*-K (t) 0 0%7/W70, 1, 2 

[0 1 1 2] El 1 SBKjjVTEKBte, fflZim?£<D<? 

*»^tc*iJfflRr«6T»*. JlWWtLTs 01 2lc£tt! 
Wx-r-?Vl/-yF«g©x/W7.0, 1, 2, 3#a53§3S 
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Mf*«JSl*T£»Js *T/c£ttii©P>-r> , y*-K 
(t) coni)«T*«5tt5, £©<h#s f/K7 
0, 1. 2, 3©ttii©>'-K*-K0 0*K«rLfcK 

(t) o o^m^Tmtct^mcomm^y^y'y^-K 

(t) conSSgfltLfcf-^Enc (K (t) 0 
0, K (t) c o n) Jb\ EI1 5 B (C^StlS E K B £ 

2 <fc LT©E*««qI«6<t35:5o 

[0 113] TftfeS, f/W70, 1. 2liEKB£ 
SaSLT»fc*-K (t) 0 0*/fU»TW*fi:W»T 
tltf* t^T'©3>r>'y*-K (t) con£*#3 

[0 1 1 4] El 1 6lCs t Bt^T'WP K 
(t) con*»««HflitLT, K (t) OO^ffl^ 
T«rfcfc*3i«:a K ( t ) con £Bf#{b 

Lft7-$Enc (K (t) 00, K (t) con) 

Ell 5BU.^-rEKBi5-fB«!«^7>LT§$BL 
rcTiU7.0<rMW%7j<t* -Tftte-SCOfilttv E KB 
ie <fc *Pg^k> y -t- S J9—. ? £p Vf > l > *- K 
(t) c o n t LfcffilTfc*. 

[0 115] Ell 6tC^T«fc3»Cx -7/WXOti, IBS! 

iw«c«s*nT^*ittm*ja<D ekb c , 

SfrUttte*rtLT^?./-K*-K0 0 0£ffl^-c\ ± 
SffiLfcira^E KBSaSlCJcUs y-K*-K (t) 

oo^ti. x/^xot*. a^Lfcs«f 

/-K+-K (t) OO^ffl^T. Hra>TV7t- 
K (t) con*«?LT, *lcf-ft*«ffiT*fci&fc 
i»Jffl«H»9y-7*-K 0 0 0 OTBWfbLTtttt 

[0 116] Ell 7(C#SMb*-7"P > yf (E KB) CD 
hfiHS^fo /t->'3>6 0 1 ti s *sSMb* 
-7Py* (EKB) ©/^-5?3>*^-r«9J-fT*» 

aas* ^a>»*. etf<7)EKB^iffisij-rsa«6 

tiv «Mfct-7ny> (EKB) 4>Bftft4>7 r /M';i 
y-<D»B»*5Vr. x-^*-f>^6 
0 3«, *«Hfc.*-7py* (ekb) ^©x-^ape 

0 6 ©tM*jj**-#-r T* 'J x * 7#-f 6 0 4 
te*?'SB6 0 7 (Dim, 6 0 51***6 0 

[0 117] t'-*»6 0 614* MX.U3EKf«y-F 

[0 118] 2-?'g|?6 0 7«U T-*»6 06\zmm 
m-tz<?T°&Zo C©^y©-f^4;l/-/l/*EI1 8£J1^ 
[0 1 19] 01 8W x-^iLTJfelcEII 5AT 



BWILfc*«l^b*-^Py^ (EKB) *aSttT*ffll* 
C©^©^— *la\ EI1 8B©SIC^-TJ: 

«§tts ;U-h+-©Mff*-K (t) RtfSStlTl^ 
3©7\ hyr/-K7 , KU^ttKRtft* 0 C©c:^ 
fljltfllS«)7->Enc (K (t) 0, K (t) 
R) It. Ell 8 AtCijVrKByy-tejjVrffiSP Olotf 
fS-r^o ^©S©^— Enc (K (t) 0 0, K 
(t) 0) ?*y, i :/'J-±?1iItu©x-£©ffT©<S 

ipoo tcwjsr *. y y -«5i©p/f^©ffia* s sm 

£tt*?j&MlCl»£**l*o tfc (L) £ 

(R) f^} <h EH 8B£0i±S©7 

— ?Enc (K (t) 0, K (t) R) tC»J»r*ttH 
P0©£T©filBP00Kttx— >#**©-?> L £ 
0, felCttx— 5*#&1^©"C\ R*?'= 1 <h&5<, J-X 

[0 12 0]*?tis 5}U;r57-9Enc (Kxx 
x, Kyyy) *\ yy -«£©£'£: KffiBLTt/>3© 
6 s ^-r/c46tCtSS?n«t©T«5= x-*8B6 0 6 
E n c (Kxxx, Kyyy) 

ft:* ^fflU-TtC. ?£©E] 1 5 TUMI LfcHMM) «t 5 
ffli/*T» flat*. 

0 : E n c (K (t) 0, K (t) R) 
0 0 : E n c (K (t) 0 0, K (t) 0) 
OOOiEnc (K ( (t) 000, K (t) 0 0) 
• • • <D*3fcx-*^£TSC£fcWr**!b\ 

zL<o&oiz4>TvV7>*mvrdmmt.?%t.. nm.* 

BWK6^TBff«L<4l\ CtllCttU ±mLtc 

2 ?->k*-tiLWk7i<tm I t— * £ LTffl^S C £ it <£ 
y . &r&^T- * ttBOWSUtf RUB <!: % 5o 

[0 1 2 1 ] Ell 7lCMoTs E K B7*-77 hlCO 
l N T*e>lcBJB^-r5o (Signature) 6 0 8(i> W 
«rfk*-^ny^ (ekb) *«ffLfc«J*.tf««3-te 
(5-<-tr>X+r-M - 4) , ziv^V'yp/^-f (p 

>xvy+r-/<3) s ^skbih (s*+7-/<5) mftm 

'nTZ'Sl'f-WZT'&Zo EKBtaHLftT/t-rxB, 
•*«IHCd:-3TiEa38:W«Mb*-5 r Py^ (EKB) 
S?T*tf«SLfcWaMb*--7P'y* (EKB) Tfe* 

[0 12 2] W±©«fcaicLT» •7<-tr>X+r-/U^ 

5«^^•+lfc■7'r•b>x^csr3^^T^ pv^vy-y-/^ 

3 frs#*es*ifcp vt 1 > i y sspjffl-*- ssaa^s t&z 
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i:^ Ell 9lc^Tr*l^«t-5lcfe5o 
[0 12 3] f^to^ □ >7 1 > , y-?-M"3fr6-5' : 7'r 

^btftlTfcU (Enc (Kc, Content) ) » ziV^VV* 
-Kdi, JU- r**-KR(EKB3b x 5»SftS*-TfcoT, 
El 5 IC jstt**- KEKBCfcSMSr*) ?B»<fcS*l (Enc 
(KR, Kc) ) , EKBiifctCs Pg^b*tlfc3 V5 1 V\V 

[0 12 4] El 9 cD^jmfc^^EKBtCti. El 
2 0(C^*tl?>J:-5fC. DNKTP&^fb LfcJU- r-*-KR 
ffittttZV* (Enc (DNK. KR) ) „ ftoTs ^-fT 7 
VMtt, ?-fcfXx-*lC$3Ma*DNK£jft|ffll,T\ E 
KBA^^U- h^-KR^^^dii^T^^o SSKv /U- 
r-*- KRfcfl3l/>T\ Enc (KR, Kc) frSnVTm-K 
c*tWr*C zl>7 1 > , y*-Kc*fflt>T, E 

nc (Kc, Content) fre^VfVy^tSuii!)^ 

[0 12 5] E©«fc9lC» ^-fT'VhHCDNKSfflg'J 
lc#jyST*CtJC«fct», Ell 2 £01 5£#SSLTUt 
WL/cJSSlC«EoT, H*fl5*7-f7 7 Vh 1 ©'J*'-? 

(revoke) A^RJaglC^^o 

[0 12 6] ^-tzVX'J-^IDfcttlraLTEfc 
i^-f-b vx©»js«t*#ff t>*i* c <h left 'J , ^ 
[0127] *it s ? : ?<<Tz/Y-m<»vi.mmt.m®u* 

[0128] mnmtwgmmm^'o^Tte-. E12 8 

[0 12 9] *»WKfe^Ttt» H1 3*#BRLTBMB 

y © □ > t- > 7 1 -p© w x T-mmt 5 e t ft 55 rt#& 

[0 13 0] El 2 1 lis COHi^SLTfS, -T&fc> 
"5* r/S^DIKtt, T->Xx^(C*^T. DNK 1 

DNK2««j'jy^T6tlfc, ^t'JXr-f v^KCD 
frS U y Lfczi VrV'y 2 *EI*T*C ttfTtf 
E©*£\ HV^V'y 1 iziV-r 

> , y2<hl^3> S&Sv'T.t 1 ^ (Tv'^TAtf/UX 



K#jyaT6nTl"*0NK*l!l!ll»-r*«:£rLT, flU 
x^m^mum^n^iE^^o^tcM^ e© 

[0 13 1] E11 3ltfctt5x fljjttf. TffliJ©3 

2 Pg/l©&H8ffJ© 1 0 1 OlC, El 2 2lC^?n^^l' 

-trvx^x^'ji <h7'r-tr>x*7 1 drg2«:iijyaTi. 
rictus ra— <3D*5 i zruF«i*, -y-^^rr'j^fijffl 

LT< nVxV^^v^-VV/k U-^)k BSrcJ^ E4S 

[0 13 2] El 2 2©®Kc33l^TWu fllTltfs 7-<-fe> 
X^xrf'J Hi* 5>>X©v'>»l4dIU 

AtJ'J 1 tclis 5-r-b>XID6M T-fe^aVxV-y 1 

+f 3icE^^nz"t^„ ^'r-tzvx*^^ 1 ; 2ii, ^< 

-tr>XID2©=i>7 : > , y3, zii/xvy^k fc^tfnv 
T>7 5^Stl, ^-tl^+lIL— tf 1 £3.— f3izmm 

[0 13 3] E©«fc5lC *»J!(C£^TH:» ArJU 

[0 13 4] DNK^x «»*>*7 !f -r7 , lc:*»S» 

&©«>W*J&:<s 5-fH2VX-9— /^4tCj:y > BW03 

A* WR-T C £ 5 . 

[0135] □>7 i >ytt, ^tvA^^n/c^ ^© 

«ffl*#*i<aa* K^-rvicfc^Tts Is]— ©av^v 

S8iI^«i:LT© : 7'r-b>X- , t-M'4^eiJSffiSiv *ti 
lc3sflS'r*aBBa©EEW» (certificates) 6^BB^*tl 
*, #^.-+ftt, ZOmmmZm^T. m& (signatur 
e) *f^J«U HV^V'ytCttiltlLTx ZIV^V^COM 
iE? ( i ntegr i ty) fron >x V i y <D3feSR6± 
^EI^Ci^TS^o 

[0136] co»^«>ias<D«yico^T, 02 3 ©7 

□ -^1r-h*#!SSLTWWr«. El2 3©SaSl*s ^ 
-y'bKOfr 6 L fc ^- ■? ^ aBISSP 2 8 KIB1S£ tt* 

[0 13 7] ««]ic, 7t'>7S 1 7 1 icfc^Tx 

h 1 <DCPU2 1 ti, ilfllSB2 9S-/TLTA^J*tl 
SCOOSSx-* *l3«r — 5« i: LTSX U Xxv 
ys 1 7 2K3bV-c\ CPU 2 1 «v Xxy7°S1 7 1© 

jasT-ix y jisnfctB^T 1 - ^ it * * - * * # a 

tt. 3tfy h©a^-«aHHB (CCD 1 tfy h© 
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bVtt (Trigger) tic «t vmmZti* ^st^VO? 
-^©*tca46a$tlTt>«. CPU 2 1 liv 

7— ?&mm-ztitzmGizit s xrvzfs 1 7 3ictt 
7 3 ©so-siix* •> 

[0 13 8] &tC» Xf77S1 7 4fc&l/>T\ CPU 2 

[0 13 9] fcfcU Zf'^S 1 7 StCji*. CPU 2 1 
t*» Xt7 7"S1 7 4<D&3T'ft^Lfc'vy^£>7 r -' £ 

Lfct)©"?^ (U7C0X7 1 -yys 6 7) „ 
[0 14 0] ^f'^S 1 7 6T\ CPU 2 1 H\ Bfr^fb 

9) o 

[0141] 1 7 7lCfcVTx CPU 2 

3 (ElMS-fet*. 

[0 14 2] &fc\ IBWItttf 5:: 5*4- X 
£\ Xxy^S 1 7 6lc33^Tv CPU 2 1 W\ ZIV^V 
•y*3-T f> >^SP2 5lC#*&U fllX-fc^ ATRAC3^iC 

/t7 s -*ii«iii^btt^aiJ2 4fcj:y*6icB»<b**i 

•So 

[0 14 3] E2 4tis i-X±WJ:5lcLTs SBSaStete 
§ft*nTL^3V7V7 (E (At 3) ) frStttU*ft 

? (wm) » % zxyv-yyon. Cv> 
[0144] E2 5», □>5 i vy*i3«n»iciair 

TV*. COftiKfet^Ttts HV^VVID (CID) , 5 
•f-feV/UD (LID) » URL fc«fetfr>*— 1 Jr-7~? (W 

m) z^&'w'.mtmztiz^zm. ekb. a>y>ry 

*-Kc«;l/-h*-KR-OT»fcLfcT r -* (Enc (KR, K 

c) ) % mm (cert) , ^y^izm^^mtntcT 1 

&*)bm%, (Sig (Header) ) » ziVxV'yfcaVxV 
KcTBg-? •fbLfcx— 5? (Enc (Kc, Content) ) , 
1 (Meta Data) js&XP*— ? (MarkXFSBS* 
tlTVS„ 

[0 14 5] ' ZlVxVyWrtgBlC 

S46a**lTl , **>0"P»*fl { » 18 2 4^18 2 5 ICS* 



[0 14 6] &fc\ *$t-Z\,%, QlfUSs *J**rv 
K WM. WW©?*-****-. 7— *lcoi*TI*» 
HI 3 1 £#!(SLT&ai-f£c 

[0 14 7] B2 6». SEW»t LT©4iM«BE**© 

iClc*jtt*S8ffiE« (CA : Certificate Authority) #58 
ff*-*IHI!»T*y» =L—*fh\ KSEJSttJSibLfcgB 
© I D-PttUMM: fSSEA^*«imiB« ©ItSSBfcttflP 

45M«"b»fTr*©T» a— ftts a— If ID, /\'X7- 

K*=6 ; 7'r-fe>x-y— /t4ic»stLsates*tT-3ct 

[0 14 8] ■ 2 6(C£I*«&MHBI»I& fjEB£«© 

EEA (5-f-fe>X«J— /t4) ©SSux SE9»©#«M1B 
PI, !IB£SfiJJS#©ID (/-KIDSfcttU-^ID) , M 

[0 14 9] y-KID*fctt'J-7ID«, ffllA^ Ell 
2©«©«^s 7/W7,0T'«ntf TOOOOJ ti- 
ns rooon <b*tis 

5T'$Wi' ri 1 1 1 j titlSo Z©<fc-5>5:IDU:*-3 
i^T, ^©x/^'-fX (xv^-r^-r) #y«J-«t^©£ 

[0 15 0] c<D£viz s nv^vy&fijffl-r^©^^ 
3 »A =l>7 ; vy©IBfl5A i: gffi^St)n 

[oi 5i] $fc> yy^iuy^-^-y h^-1212 sics 

ii. SDMI (Secure Digital Music Initiative) «ISlc 
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[0 1 5 2] mZ&s EI2 7(C^?tl^*^ 

t$<D9Bmiz£.V. SDMI (Secure Digital Music Initiat 
ive) tSmt LT©m^©PD (Portable Device) WlC. 

[0 15 3] #:lc, 112 8©7P-^*- r-=&#BBL 
T, *5<7V(> 1 ^©^v-fT'Vr- (0U*tf» PD) 

[0 1 5 4] m.mc. X7'y7S191 tCfc^Ts CPU 
2 1 Wu □ VT->VlC7 r $>*;U»S^in^T^*fr 

Jtlfcl^ 7>7^7S 1 9 21Cj1*. n CPU 2 1 it. £E 

it. -tv*- 1 *- /Ufre^f -trvx+f— M'4©*Bffi 

#BSLTiH^LfcJ:-5»Cs Tf^/Hfttt, SSIiE/g (5 
<-fe>X^-^:4) ©«*«cS-3t*T£f**ftTa3 

?61C CPU 2 Hi, K«t©^yb-^ 

5c -?-ltcpu;2 i it, awstifeMy 5*5* 

[0 15 5] X?y7S1 9 3lC6t^T, CPU 

2 1 niimmi^mtwtu * 

K*ftTUfc^£*J£*ttfci§^ Xt^^S 1 9 4K 
il^v a^»SEKBT«BE-r*«SS*ff-r«o £©& 

leasts BE^w=«n*u-7io (E2 6) 

£ UfrbftS. CWttBEffP^T, 12 9 <hl2l3 0£# 

[0 15 6] l^S, E2 9lC^*tlS«fc3»C, fll*.^ 
10 0 1 WWf/WXtf'^-^Jft 

f/UX CJ-7) (CK^**IS. £©EKBli, 02 9 
KfcttSrVx'-rx ri o o i j «'J«P-?-r3fcJ6(c* 
+-KR, K 1 , K 1 0, K 1 0 0*H«T-T*EKBi:«:oT^ 

[0 15 7] iJ#-^r/WX I" 1 0 0 1 J JXft<D£? 

^«TT!rnfc;u-h*-K (t) r«k»t 

/^•fXniCfiW LTl"*©Ts «H^b*-Enc (KO, 



K (t) R) t-KOCfcoTWrSCi^ E 
«r;U-h*-K (t) R««ff-r«C 

[0 15 8] Sfe, 7-K+-K1 1ttT«y-7lt 
B*r**lTlvfclV-K*-K1 1*JBl*T» Enc (K 

11, K (t) 1) */-K*-K1 UEi'aTaW 

5uiT\ H«fy-K*-K (t) i^Bwrrscttf 

T**. Enc (K (t) 1. K (t) R) 

-K+-K (t) Hc<fcoTaOT*E£T» K8t/I/- 
H+-K (t) RtMltSCttfRFKift?. / — K 
+-K101 ©Tffi'J- 7 (courts H«ICKK>I/- 

h*-K (t) r*ix»-*-*c ttraner**. 
[0159] ssic* ^*tirt^t^j-7*- 
ki ooomsfn-f^ ri oooj »s ss©y 

-7*-K 1 0 0 OTEnc (K1000, K (t) 10 
0) fc&^LT, /-K*-K (t) 10 0«MW* 

MKM»L, M»r/l/-h*-K (t) R*B»«Ci 

tfT*3<, 

[0 160] CtUottLTs 'J^-^^tlfcx/KX 
riOOUtts gB©';-7©1 &±©M»r/- K* 
— K (t) 10 0^ EKBlQJUCtyKfST***^ 
T\ ISAv M»r/l/-h*-K (t) R*«ffr*Cttf 

[0 16 1] V1£—<7^1XTW&^JEW's. ! r)U7> (-7 

mTzmtfi. ^'T-fevx+t-/<4^6i3{f*n, km 

[0 16 2] =&-7^'T7 7 > hti, 

ELT, EKBiBIMflS*153E<!:#T**. C©EKBifiBft 

[0 16 3] «jjU# % 02 9©'J-"7 r 1 0 0 1 J ODID 

CJ-7ID) ri o o i j ri j roj 

TOJ ri j ©4 f-v r- £. LTJESLx »±ffifcfv h*^ 

[0 16 4] ID ri o 0 1 j flMLhffttfy h6M 

E12 9 0/l/-r-*-KR6^6.*ffliJtCjit?o EKB(Dk 
(S^O©^^) t*, 0 : {0, 0} 
i3S«te7*-***-r*fc©T**£W£**l5= ^©*i 

[0 1 6 5] SJntC. /- K*-K 1 ©Tffi©/- KtCJl 
t? 0 ID ri 0 0 1 J ©2SS©fcf-y hfiOTS-5* N 6>& 

ta©7 ? -^©wflR«*-r i t,©T*y> /- k*-k 1 © 

Tffi©^-*©**!*^^^*. tt2<DZ<r?& 
Zo C©^^tts 03 0lC^3rtl«<fe3»c s 2 : {0, 
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0} T&V. wmz : 7 : -*&1iTZ*><D£.-iftZo «£o 

t, mum*. /-K+-K1 oicrc£v*t<z.£tf 

[0 16 6] i5l^ ID r 1 0 0 1 J «D3#@<Dtf-y h 

iio?&'.K zmicmtso zcotz. ki oam&rox 

— W>mm*7f.?Z'? (#^3<D*<?) lis 3 : {0, 
0} WSJC^-r fr***-**,©^****. 
£fflllcit&« /-K+-K1 OOU:fc£y»< 

[0 16 7] 26lc N ID r i 0 0 1 j ©STtekT-y Hi 

1 1 tCWf5"r«t>©T*tl. K 1 0 0<DT{i<7)x-'$'4> 

5 : {0, 1} 7-^5o £ffl!Rcte\ x— 

SL^^ciic^^o y- K ri 0 0 1 J IZ 

lifcdfymw-fci/'CttefctK id ri ooi j (DtiU 

Xli, EKBlCfcfcMfal/- h*-*W»"«?*t^7 s /W 
[0 16 8] CtUoPfrLTs 0J*.ti\ 'J-7+-K1 0 

o ofcfrraxM-rxiDWu ri oooj ±a 
'not. y— h n oooj itfci:y»<2:i:*i«r* 

So «6oT» ID r I o 0 oj cfAyxtt, IES&xM" 

[0 16 9] H2 8tCR-aT* CPU 2 1 tt, XTvfS 
1 9 4©ttBEfflaiE«r3*s ffiW»ffy<K-*3-ftTl/» 
^S^7t7 7S1 9 5WJSU 

[0 17 0] ttzt)-*,, 0 2 6(C^S-tlS<fe-5tc, |P£ 

(Sig (Header) ) «««SE*tlSo TftfcS* C© 
&BM*ffll/»T» xv^/l/S£.Sig (Header) *«#L 

Headertc/\y->jLHa*®fflLT3t»?*lft/\-y->a« 
<!:*'iH8T*E<i:T* Pf*#-HkLTIrtll& Header A 1 : 

»LTx Bi#tf--aL*W-*lWr» HeaderliKSI^ftT^ 

[0171] X777S 1 9 7(Cfc^T, CPU 2 1 It. H 
eaderjtf&BSfiT^SflWfcipJSEU tfKSttT^ 
fctttUi, 7Jr«J-fS 1 9 8(Cttft. *— V-* 

X7 7 7S 1 9 9lcfcl^T\ CPU 2 1 ti, 
9*- ^-T-^eMBNSJIl* ^x-yy-J"} h^gg 
TP***»53^«!pJSr*. ^x-y?7"? r-A^RltET-SS 
Jf-&U:W\ Xxyys 2 0 0Kj!2k CPU 2 Hi, ^x 

•y^7"i7 h^nnt^o rfcfo-s* ^x-yy-T^hrc© 



[0 17 2] Xf7 7"S 1 9 1 tCfcl"T, 7-7^JHS 
«*SfcL4^&«j£**lfc»^ Xt7 7"S1 9 3 ICS 

«yysi 9 5(Cfc^T. BERI»*EKBT«lir«Ct*i« 
T***^ofciWJE*tlfc»^s X7 7 7S1 9 71C*3 

^*i¥iJ^*+lfc«^ *fcW\ Xr77'S19 9lCfc 
l^Ts •?*-^-^'-^tC?x'y^7"J'h<3!)SI±««f3aj 
StlTl*«&H£&rifclld, Xf7 7*S2 0 1 Kji 

*s i^-atsaWrS-ttSo rfcfo-s. commie 
fi7^77htfii?ns. 

[0 17 3] COcfc-plc, SE^£*a®«£ ; 7'i'-tr>7. 
+r-/\"46^3.-+flcgH^U av^WftriMfc. 7 s 

©WEfcfiiiE-r^EtjtfRriBtfc*. cmcfcy, tie 
& □ > t 1 v y 09sen««]»jr * z.t^x-^^>. 
[0174] £5ic> 9-i-^^z\y^y^^ 

T\ O*— 9-1— ?1t«©*fi[=arB6±U 3VtV7 
©J|IE*«SEr £> 21 <h #7* 3 . 
[0 17 5] — J*f^fiB**lfca>xV'y«:, 

©KiE*filiE-*-*C ttfWIBt**. 
[0 17 6] z\>=r>V\t. tef3&fF£*£ 

[0 17 7] 7— ^(0*Jffl*atC-3tNTW*r 

«o *»«tcfe^Tti» ±mLtz&oiz s mourns 

[0 17 8] 7'ft>Xi3>T>'y», 1»^CDMfl( 

(D&makmzvfrizs&TZMtmmtKz, *ct\ c 
^es-r s c t A 51 RTtg <h % 3 a 

[0 17 9] CCDV— ?lcti> E]3 1 iZTT^n 

Z£?IZ, a— tffflID CJ-7ID) , ^177^ ffi 

[0 18 0] ?6(C, 1-tlZlt, 'J-7ID, m*«l7 
[0181] W**75^tt» ffil3t«» Bff5£<0J(BH^ 
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m&) icnm-znzo &mMtem*M. nvxvyare 

tem.tz&ots.tz. ttDmmc^y^y^^^oyn- 
[0 18 2] -^-mmat. *ti£?iczo)3>T> 

[0 18 3] 1213 2©7P-ft- h^PIL 

[0 1 8 4] S:flJ(C N Xf77*S2 2 1 iCjSt^Ts CPU 
2 1 it. A77Sf;2 6fr5<DIL-+f^g^tcS^T. -f 

[0 18 5] 7r77°S2 2 2(Cj)^T, CPU 2 1 It. 
a-+ffrS<DA77SP2 6^^LT<7)A77^SXy^> J £ 
© A7D (C *tJ£ L T 5 -< Hz >7.+7- / U icti LT 5 •< -t V 

[0 18 6] CCISIcMlSLts E13 Sro^P-f 1 -*' 
-h£#!SL7&5zirr£>J:-5l^ 5-f-tr>X+7-M"4 

(03 3^Xfy7S2 4 2) o fC?, X77 7" 

5 2 2 3Kfcl/T\ ^'TT'Vf- 1 CDCPU2 1 It. 54 

[0 18 7] 3.— Wis c^a^ics^T, rnmzn 

fcafifi*7***fr5fr*fU»rU ^©WIIt^IcS^ 
[0 18 8] CPU 2 1 it. Xr-yZTS 2 2 4lCfc^Tv 

-a-lct*. Xt^-v^S 2 2 5(CJ1^ •7f-tr>X+t-/U 
[0 18 9] ca)7^ji3ED*§ffr^<t. ^f-trvx+f 

7^S2 4 4) „ A^'y^S 2 2 6tCfcl^Ts 

95'(T> h 1 ©CPU2 1 lis 5-r-te>X+r-/\*4fre> 
©"7— ?*SW«*£, 7777"S 2 2 7lC33l/>7\ § 

tzsx o fc? — ? £ =1 > t- y y imtt>$.ts Wim&n'fi? 

WFS-r^PVxV'y©^--?,!: LTs El 3 1 izjr^lriZ 

6 o j&p/t^«I7 z> Vmmznrc^r-? t^y^yyiz 
ttfoLTsSBiZtlZLZtlcKZo Xtc. LZOtZ. CPU 

*;U3£ (IH2 5) feMSrU GIMittlcIBftrs. 
[0 19 0] 2 2 4KJ51^7\ 



-/\"4 6^}i^T*'n/i:^fiBi6 , :7^*nTt^t^fiJS? 
tlfc*&, X777S 2 2 8lCjla^ CPU 2 1 «^ 
*nfc»1iB*7* L&l^C -tr>X+7-A'4 tcii 

[0191] C^cfca^^^'TT'V I- 1 (DtSMtettfc L 
Tx ■7-f-t>A+7-/Uti, E]3 3©7P-^ + - HC 

[0 19 2] r*fe-Ss SffltCs X777S24 1 (C£ 
1>T, ^f-teVX+T-zU CTXPU 2 Hi, ^-fT'Vh 
1 #S5^*VAIlt^Ky©»Ktfa£«*nT< Si 

(03 2c7)7.7 1 -yys 2 2 2) , CtV&SttSX'A 7. 
x-y^S 2 4 2(cfc^7s a* < h*tiTU>S^-<Hz>A 
©H^Bl »J K<BSttttffli«IB1tfl: 2 8 frS^*ffl U £ 
n*^v-T7 7 > h 1 KiMfif £<, 

[0 19 3] ±mLrc£oiC. CcDJ:-5^LT}f^T*-n 
/c*t«C*tLT. V^-lTy h 1 frS«,^l!rtt/c*Mffi£ 
7*r 56^fr©>IS]j!>^l£ tlT < £o 

[0 19 4] ^CT, X77yS2 4 3lCjiC^ 
•fe V7.+7-M' 4 <7)CPU 2 Hi, *5-f 7 T > f- 1 fr^Ti^ 

W^LfcJS^v Xx-v7S2 4 4tCii^ W^i^n^ 
5 ■< -tz >7.©Ml^S* U y vM- : J*S*S^-9 * 

T\ ^^-T7 7 >h HC^l-TSc d©ct-5tCLT^f* 
n/c^-^tis ±a?L/cJ;5ti:, l^-iTyv i ©fBti 
gP2 8lcfc^T> ^FS-r^PV^V-yicIB^tl^ (EI 
3 2<DX : rvZfS 227) „ 

[0 19 5] ^777S 2 4 3lCfc^Ts <7^^fTy h 
1 6^7^ca«]6^fll3rnTt^t^<!:W^xJtl/i:Ji^s 
X7 ll J'7S2 4 4c7)ft3 ! StiX*yy*n^o -r^fe-Ss 
C©H-&lclis ^-f-bVAOMl^ySQSA^fi^W^T 

[0 19 6] IU3 4lis 7.7 1 y^'S2 4 4lC*5^T, 7 
-f-b>7 t +7-/\*46^6^7-i'7 7 > h 1 lc»LT^l7*-n 
>co«^J*«LTi^, zomicis^Zlt. * 
<DD.-V0)V-7\D. m^my^^ (Own) , ttTflCV 

S U:Sr3l,NT£fi)c£ n/cx 5^* ;US^S i g s (Leaf I D, Ow 

n) icd;y, ■v-vmmztiT^Zo 

[0 19 7] LZ(D^-<7i,t. ttfeCDIL—V'iVttJg. 

iS-ti^PVxV'y^ptf-^nfcJS-a-ttiis * 
- * tifc n > -r > y tc«Bi-r 5 ^- ii«a ^ zrn^o 

[0 19 8] C^ctatcLTx =l>7 : > i yt^-<-tr>X 

[0 19 9] Xiz. 7)\s-¥y<fico^Tmw?2><, «[ 
!!S©^l«S^'^7 : V7 7 ^)iatcll46s ^©l oO^F'gK 
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o\z?Z>z.£\t, ^;u-tfv^t**ti*. iiflts £© 

» JB^t * C £ J: y » S» U: U- tf > « C 4: 

[02 00] £ 7c, #«Nt«*J6BM LTfc < C <b T\ 

t°V?Hco^T, OLTlcimtio 
[0201] c©»&, a— »fti, ?i\>-tZ><m9i£ 

EOEEfcOBMflSlCOl^Ts El 3 5 £123 6 
©7P-^i>- HMMRLTBttlT*. 
[0 2 0 2] STOIC, 03 5 037 U-=f-M- hfc^KSL 

W»©a«flS.lCO^TK^r«. ^7^2 6 1 tc 
fcl^T, ?5-f T'Vh 1 ©CPU2 1 li, -£>•?"© 

[0 2 0 3] #IC, 2 6 2^^, CPU 2 1 

li, n— tf©A7Dg|52 6frS©A7Jlcgcn^T, 
>yv-j^3izy^-tixu Xx-yys 2 6 3lCfcl/> 

t, xry^s 2 6 1 o^TfasstifciHWiav 

[0 2 0 4] SEW»tLTtt» ^-f-feVX+f-M - 

[0 2 0 5] J-X±(DSQSli, ?lU-\£>?ttMl£itl% 

[0 2 0 6] #lc, 03 6C7P-ft- h€-#BgL 
T, 03 5©^7-f7Vh1 ©SEl!B»©B»M! ! 3tES«tJ& 

[0 2 0 7] STOIC, XjyT'S 2 7 1 Cfit^ 

7 1 > , y- | t-/urocpu2 1 <7^-cy> h 1 fre&fi 

*tlT*fcIIB^»«-§ffl-ri.«k, Xf'^S 2 7 21CJ5 
1>T, *-0>EE£ft€IB1l8P2 8(CggS-Ti. 0 

[0208] JM±©»3atf» 

2 Slew, fll^tf, H3 7lCS**l*J:5fEs 

Sic, tO^I/-ytitft«T/t'rx«)iKWli ( l* 

[0 2 0 9] H 3 7 fcwS*l*ffll?W\ -7VU-71 ©5E 
S8»£LT» GHI1*C 1 1 7dSC 1 4^a^irnT^ 

3„ cneroHfEsc 1 i jiic 1 4 icw, 

MS K pi iTiM K pwtteStlTl^S. 

[0 2 10] [W]«Uc, ^/l/-7 p 2©H^»£LT, liEB^ 
We 2 1 7iSC 2 StfBJSStlTfcy, EflSttSMST 
SiiBSSt K P2l7blS K P23# t ^* : fT.Tt^o 



[0 2 1 1] JJU:<DJ:535:^;U-^«!fiEr5*aiSS 

ic, ^flDEwa^aatfn/fcttJBicfet^T* a— tr^s 

tt£<h, 3>-7 : > , y-y--/\"3(i, 038©7P-ft- 

[0 2 12] STOIC, 2 8 1 iCfcl^T, 

M" 3 ©CPU 2 1 IB«gP2 8lCfB1t?nT 

[0 2 13] cottSEftOStt, 02 9£03O*#fBiL 

IDlcS^T, Z<?*mm LrmZtcZZZ. £?'&*> 
EKBti, ay^vry— A3 let,, 7f-fe>X? 
-A-4^51B^?nT^^c C®*fiEtt»CJ:y» y# 
— ?*tlT^*iEW»ttl»^*tl*. 

[0 2 14] Xt77"S 2 8 2tCfc^T, HV^Vyit 
-A' 3 ©CPU 2 Hi, Xf7 7"S2 8 1 ©fStiliQil©^ 

jg, #at*nrcBEfli»*3B«r«. x^y 

5 2 8 3(Cj>l^T, CPU 2 1 te, Xf77"S 2 8 2©iQ 
a^Bg^-fb-TSo 2 8 4(Cfc^T, CPU 2 1 

wzmmrzo 

[0215] 03 7tc^^ns^;u-yi ©-5 "6, fll*. 

6 BEP^SC 1 4)S«'J#-^JiflTl^tf5t, Xx 

7 752 8 3 ©SQST-, flljtfcT, 0 3 9 [CjS**1* 

[0 2 16] "fftfo-S, 03 9©Wc*Sl/>-n*, HVx 
> i yg|Kc6\ SPB»C 1 1 ©£B8«Kpii, liEB^SC 1 
2©iiWaKpi 2 , $ft(4iffllfC1 3©iiBiaKpi3tC 

[0 2 17] □>7 1 >' , y+f-/<3©03 8lC^*tl*«fe 

•5%5asic^LT, □>^> , >©Jl«^§tt«S^U 

-f<0mS (•7^'T7 7 >H tt» i40©7P-ft- 

[0 2 18] STOIC, Xx-y^S 2 9 1 lCfcl/>T, ^5 
h 1 ©CPU 2 1 ti, =]>-?> , y+f-A3A ,: 0 3 8 
(DXt7 7*S 2 8 4©j!£lS7^fiLT*fc3>7 1 > , y 

«:±if Lfcfe 5 ic, #«SAMS^-r 3£l»8ilc «fc y Bf ^ 
IkStlTl^* (0 3 9) o 
[0 2 19] fcT*> Xf77"S 2 9 2lCfct/>T, CPU 
2 1 tt, Xx77"S2 9 1 ©«yST»S«Lfca»5B©=l 

>fv7i^ g»g#©^s®aT«^L, 

^lt, ^#Lfc=i>7 i > , ys : £ffl^T=i>7 i > , y©a 

[0 2 2 0] fflZlf, 0 3 9 0fflllCw**l*EW»C 1 
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[02 2 1] |W8*08yHi, IEB^*C 12, C 1 3lZtt 

* nfc n v ? > wcc # □ > 5 1 > y ic«bs t zm e *it 

C ft =l > x > 'y«Kc««-^-r 5 C i: &T*$tT* 

[0 2 2 2] WJbtefcfTtts =l>x>'y*- (rftfc 

*>\ 5-T-b>7*- (5'T-fcrVX) U:ttLT?Vl/-fc:°> 

[0 2 2 3] W±©«feotCLT, ffliftffr-r*- 
^ii-r^lCV (Integrity Check Value) Srfflt^ru: 

^u- nearer ioicifttTt"*. 

[0 2 2 4] *»WtCj5t"Ttts 

jiasi*SDMiT'S.466n/i:;i/-;i/tcS^T^n^ < , 

[0 2 2 5] 04 1 <t|2|4 2<D7P-5 1 A'- h£ 

#BHLT» i!£'<fc3ft?^7 7 Vhtc<£35^-fe>7.c7> 
*x y<7 7"i7 HJHfCO^TWWr*. 

[0 2 2 6] «:«3tC N 04 1 <7>:7P-t^- h«-#B8L 
TftS©?^ 7> Hc^-f-trVT.^xy^T 7 '^ hr« 

^^-fT'vhflC'toaKo^TWwr*. »*hc» x^-v 

3 0 1 K£Vc\ V^JTy V 1 CDCPU2 1 * 
I'y^? 1 ? r-flgiCD5<-tzy7.CQ? 1 x>y'?7 7 '7 h0»N 

[0 2 2 7] 3fclC, X^'i-yS 3 0 2lCfc^T. CPU 2 

1«. *nv?7 7 'l7 h^m<D^^-b>x<Dm±^^-y> 
7"7 r-BSN 2£, ^tty^-fHzVXOflWlfcfrtfSW 

[0 2 2 8] ? LT, Z?7^S 3 0 CPU 
2 1 tts Xf'^S 3 0 1 COfilST-K^anfc^x-y 
?7"} hE13SN 1 £\ Xt'^S 3 0 2 OMMZmfrW. 
Sftfc»**xy*7 7 *hEl*N2£*Jt8U *x>y 

*t^5#*«er*. 

[0 2 2 9] ^x-y^T"? hlsMKN 1 tf, ***xy* 

S 3 0 4(CJ13y N CPU 2 1 It. (*xy * 

T^r-ftCD^l'T'Vr-) <0U-7*-*ffl*fli«©e 

»»t**lTl , -*5-<'fe>ZIDlC»jSLTIB11ffl2 8c7) 



[0 2 3 0] 7t7^S 3 0 5K33l^T\ CPU 2 

1 it. X77^s 3 o 1 (Tj&iiTi^sxen/c^'f'-izv 

XCO^x-y^T 7 ? r-@»N 1 ©ffi* 1 >-J"J * > 

ht5. 7x7yS3 0 6lCfe^T> CPU2H*, V'T 
-tr>Xc7)^-y-b-v ; tcS^Ts ICV^jRWr^o CcT)l 
CVtCOUTtts 04 67bMEl5 0^#88LT^a5r^o 

icv*ffl^T5'f-fevxa)3S.a*i»±r*ctfl t RniBt 

ft£> = 

[02 3 1] ^(Cs Xx7yS 3 0 7tC*5l^T\ CPU 2 
114, ^x-y-77? r-ttfUTj^-i'-tzVT.i:, Xr77*S 
3 0 6<BffiST3*»**lfclCV*. gSrSfl-OiiBia* 

©aBfcHiau at:-***, X7 7 7"S3 

0 8Kfcl/>T\ CPU 2 Hi, Xt7 7'S 3 0 6<DS&3T* 

jSS^ftrc icv=&, ffl#ffiiJS»<ou-7*-<t, 

VXIDlCj!ttSLT831tgB2 SCTj^i -y ijt. iClSHt 

[0 2 3 2] X777"S 3 0 3lCj>l/«Ts fi7^ 
KIeIKN 1 &m±*JLV<77V r-0&N 2J;y>h;*-<ft 

ftSSltfgtt^xy*? 7 * hA^b+lTl^WT, Ctl 
«±fi7v79h^7Ctm5:L\ *-CT', X 
777"S3 0 9ltm^ CPU 2 1 It. l5-»3fcJlfT 

r*. r^^-6, c©t§, *xv*7'*nfl»*snT 

[0 2 3 3] H4 2©7n-^*-h*#{!BL 

Tv 04 1 Cfi'>W hSaaiCfeU, v'T-feVXtD 

e^r^o 

[0 2 3 4] «*mc, 7x77"S3 2 HCfc^T, 
ffliJ^S (^-r-bVX^^x-y-J'T 7 ^ ht5^7Y7> h 

XT7yS3 0 4|Cfc^T > ffl^tJtD-J'^'rT' 

[0 2 3 5] X777"S 3 2 2lCfcl^T, CPU 2 

1 ti, ffl^ffliJtrj^^^ZV h 1 tfSHNtflsSftfc^-f -fe 

JS^-s znZ&mTZo tts.1o%. CCD^-f-til/T^ IC 
V. EKBfccfeO'lIB^is 04 1 (DXrvyS 3 0 7C7)S£! ! 
STffl#ffliJcD^S)!)^6^1*nri: 1 t»c7JT-S5o 

[0 2 3 6] X777"S 3 2 3lCji^T. CPU 2 1 W\ 
X777"S 3 2 2t7)Sa,S-c:-§ftLf i : ; 7-<-tr>'X, ICV, E 

KBfcj;riaEB^»«v iBisa?2 8tcEii*-tt*. 

[0 2 3 7] JJLh<?5«fc-5tCLT, ^^VXCfi-yf 
7"7r-^§t7/j:-75-r7 7 >hHis fiy^htS 

04 3<7j7P-t"-V- r-lc^^ftl^SaS^ 

n^rso 

[0 2 3 8] r^*3"5, SWIC X77^S 3 4 1 tCfc 

i^T, sp^^Tyv 1 c7)cpu2 1 ii, □.-+f<fcyx7jSP 
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2 6*^LTW*fl«»**nA:avxvyoicveaw 

"TSo LT, ^f77S3 4 2(tfc^T, CPU 2 1 

ti, e«»2 8iEE«*nri"*OTfb*ftTv*icv 

[0 2 3 9] Xx-yX'S 3 4 3 Kfcl^T, CPU 2 

Hi, xf-yys 3 4 1 ©sraicfeUs i^i*jftfc 

ICV<h, X7 1 -y-' > S3 4 2<DJQSJcJ:ySE*ai*tu » 

^*+i/cicv6 , ;-Bc-ri.^s*^¥'j^-r^o 

So ^CT', 3 4 4lC-rf^ CPU 2 Hi, 

[0 2 4 0] CWcfctLT, Xx-y^S 3 4 3lc33l^ 
T, 2 0©ICVtf-SL*^£WSSnfc»&» 

vxjtsJrH^nTt^sn^JfeSo £©fc#>, xxv? 

S 3 4 5 Kit**. CPU 2 1 «, I^-SflS^SIft-r^o 
f&fr-S, ^©x-f-trVX^ffl^TnVxV 

[0 24 1] J-X±<D*3(CLTv •fteW-^^-f'T'V 

He— Sxx y *7"> h L/i5-l'-tz>X©xx -y 
=£gtt&^5'<7'> h©jflSlcr3L>T, E14 4W7P- 
x -V - h L TIBET % . 

[0 2 4 2] SflUC, Xt7?S 3 6 1 Kfcl^T, CPU 
2 Hi, *l#ffliJ©gS (^-f-feVXfciBJ] (fiv^-f 
V) LT<«'J'^'r7 7 Vh 1 ) <75 'J -7 xx-y 

:/S 3 6 2lCfcl^T, CPU 2 Hi, 7f77S36 1T? 

#*S#ffliJgEKxx'y?7"i7 h Lfc^f -tr>XTa5£fr 

sa^jjrr*, ccwuu, H4 1 ©xx-yys 3 0 

8<7)SaSTl31S?nrc:ICV, 'J -7*-, 35J:tf5-f-fe 
VXIDlCg^Tfrfrtl^o -r**5-S, Xf77*S3 6 

1 7flX»*tlfc'J-7+— v ^-f-feVXID, fc^tflCV 
tf, fiy^? 1 ) HJX h *lEE«*tlTt**#5fr# 

*7"7 I- Lfc^Hz>XT-££<h¥iJ5E?4a3„ 
[0 2 4 3] ^-r-fe>X*\ g^eS-^i-y^T 71 ? h 
Lfet©T**i:f> Xt'^S 3 6 3Kfc^T, CPU 

2 Hi, *S^ffliJ©gB©^--r-t:>X, EKBfcJ:tfBE^» 

©H"ji«*»str*. «ar*«fc3tz:* cos^fcs^ 

T> *gfMiJ©2slBli, 5-f-tlVX, EKBj3«fctfUf¥§«© 
»JI»«»5r* (04 5 3 8 3) . 

[0 2 4 4] Xf7^S 3 6 4(Cfc^T, CPU 2 Hi, 
— Mx 1 'V * T O h L 5 -T Hz V X tfStfx i 'V f V 
*ftT*fc<DT\ ^©^-f-tyXfD^x-y^TT/ h[s]» 
N ^ * 1 Iclfr* V bTZo 

[0 2 4 5] Xx-yX'S 3 6 5(C33l^T, CPU 2 Hi, 

f -feyXfi^a L&lMS^Kli, ^77^5 3 66 iCii 



3*, CPU 2 Hi, ffl#ffliJ(DSBOxi , y^'f >jt**«HS 
CtUCttLT, 777^3 6 5K33</>T, ffl##J 

©gEK^x-y^T"} h LTt^fft^-r-tiVXtf^S 

•rv*ai**3niBiSfl«**oT» xx-y7S3 6 6©*a 
a«x*-y73-n5, 

[0 2 4 6] ^?7 7S 3 6 21C&UT, fi7^V 

iCxi-y^Z^hLfc^'T-bVXT-H^iJpM^nfs: 
ig£\ CPU 2 1 li, Xx-yX'S 3 6 7^51^, x^-ift 

a*»ffr*. t-sfc-s, convict*. m*u&&m 

[0 2 4 7] x— ftf, ^-r-bvx^iElcat-Lfc 
cfcdfcif^, EBS-hTt^lCVflDBts X777S3 

6 1 ©»3i?iOT*ftfev^*v;uc«^T3ii**ft 
fc i cv©B#iift * t, © £ * t% fi7*-<v?$s 

[0 2 4 8] E]4 5li, EI4 4©7P-ft- HOt** 

=7 << * vxcdx i -y <7 >$as£H*T-r 5 ? 5 -< 7 

VHottLT, g#g#tf: S LTl^7'r*>X£xx 
•y^-I'VS-^^^l'T'V hCDSaS^LTC^o 
[0 2 4 9] XT77S38 1ttVT> 
1©CPU2 Hi, *I3M1©^B (EI4 4©-7n- J x-f- 

hic^-rsas^T-r^'?5<7 7 >hi) icy-?*- 

L/i:J:3k, ffl#ffliJ©SBli, X777S3 6 1 lC*}</> 
T, CO'J-7*-t7-f-b>XID*lSl»U Xt7 7 
S3 62(Ci5^T, -?-ntcS-3XNT, ^ x -y ? -f >W ^ 

©^ -t vxcDiSiiias^Hft-r 5o 

[0 2 5 0] 77 7 7S 3 8 2tc33^T, ^'TT'Vh 
1 ©CPU 2 1 tt, ffl##J©SB6 N S-7'r-fe>X©^JI^«- 

IES'S:xi i y-?'t'>^©7-l'-t>XT-S^«-&, ±SB 
LfcJ:3tC ffl#ffliJ©«B(i, X777S3 6 3<DJ!1I 

^ 0 C©S**S^Lfc*^ X7 7 7S 3 8 

3tC)t^, CPU2 Hi, 7-f-tVX, EKBfccfcO-iiEB^*^ 

rftfc*. cnicj;y, c©^^-f7'>M 

ti, i-X^ ; E-©7-f-tr>X^«fflT-$%^«^<l:'S:y, El 
4 40X777S 3 6 4©5aS(cJ:y, fi7^h 
0»N 1 1>\ 1 fcHtx^ ij y. y K*ti*o?s fi79 

[02 5 1] X777S3 82tCfct>T, ffl#ffll©^B 
6^5^-f-b>X©g"JI«*igE*3-4xTU«:t>i:ipJS*nfc 

X7 i -y7 , s3 8 4tcii^, x^-sas^nffjn 

H©aS ^ x -y ❖ 'T ^jB'T**^ C i lc«:5 0 
[0 2 5 2] W±(Cfc^Tti, ^x-y^-fVii^x-y? 
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7"j7 HEocTiasEL/'ctf* mia»u. ^-r-fevx^ntf 
[0 2 5 3] ^f-trvx OVxvyfcnMi) © 
I'^II (I CV) *£J«LT» 5-f-t>XlC»JSW* 

[0 2 5 4] 7'r-tr>7.<D-rV7 1 ^U7 1 < -fiy^l 

(i cv) it. «s?i«:7-f-fevxic»r*y\y->aB8» 

*fl3l/»Tft*S*U ICV = hash (Kiev, L 
1 , L 2, • • • ) lC<£oTi+l?I*-ft£o K i c vfi I 
CViSJt-T$$ t L 1. L2tt5-<-bVX<0««-P 
fe»J. 5-f Hz>X©BM1WW>*y-t!-5>BIiEl?# (M 
AC : Message authentication Code) &ffifi'£tl&o 

[0255] d e s m&mmfiLzm^tcM a cb&s 

flj£0 4 6 tc^-To El 4 6 ©«fi8(E5\T <k 3 tefcf B£ ft 
**vb-5>*8/KHIiffilc#tiJU CW"R »W* 
ftfty»-b-i'*M1, M2 S • • MNtf*) > 

*r» w&fi (iv) tMi*. SBW2 4-1 Aicjcy 
Sffteeutsiiifa-r^ (Rosens- i i .b-ra) . i 

1£DESPf^{bg|32 4-1 BKAft, 81 UitT» K1 

tr*) tffl^TflHWbr* (uj**ei tr*> o ffi 

ttT. E 1 £ «fetf M 2 «9mV 2 4 - 2 A «fc »J SfffeW 
miU 2*DESflHWb»2 4-2B'\ 

A*U «K l*ffl^Tfl»ib-r* (lll*E2) = «T\ 
Cft*t*y>gU £T©*v*-^U:**LTB»fl:«Hl 
SWT. DESflHWbSB2 4-NB^6»«»caT*feE 
N^y-b- v^SRSEI?^ (MAC (Message Authentica 
tion Code) ) <!:ft<&o 
[02 5 6] -pft^-f -feV7.COM A C<t<h I CV 

^'Jr-f (I CV) tfflfefig*tl*. 

Alc»:3^T£l3}Lfc I C V<b£J£»LT[II-<0 I C V 
*M# SttflW ^ Y -fe V7. K&BOTft C £ tMffi&x. 

[0 2 5 7] ^VXfflYVT^'Jx^-fi 
•y7{B ( I CV) K i c v*±Sfi(Dtf»!i 

'f-trVX^Vf^'Jf'f • ^x-j/-7fil ( I C V) 

[0 2 5 8] 04 7fe«fetfBI4 8 KBSOtW Afc« 

*BO*«S**BEr*/fc46©-f>^yy^-f 'fi*» 
<I£j$*-K i cvSWMkWn^ (EKB) (c 
*oTBBfS-r*»lJ«fl!l*^r. 04 7W:t i: M'-1'XO, 

1, 2, 3(CttLTtt^praft*xy*fiI£j**-K I 
c vSBlt*««SU 04 81*t7KA0, 1, 

2, 3"fOf/WX3«'J<|f-^ (8EP&) LTf/W7 



0, 1. 2te»LT©*«#Rrl&ft*xv*ffl£j**- 
K i c v*Ef!T*fll*5Vr. 
[0 2 5 9] H4 7©ffilTtts BK/-K+-K (t) 
OOlCcfcoTs ^x'y^fi^^-K i c vfcBS^fbL 
ftr-^En c (K (t) 0 0, Kiev) 
5W*0. 1. 2, 3lc£iv?*tif l ti4)ffr«/- 

(t) 0 0*«*qn6fc*«rfb*-7ny* (EKB) 

e«(CSrJ:3lC. $Ts EKB^ffiS 
<k(C<fc»A B«r*tlfcy-K*-K (t) OO^IXfl 
U *|C, »f§Lfc/-K*-K (t) OOSffi^T, 
P»fbarftfc*x'J'*«£flM 1 -Enc (K (t) 0 
0, Kiev) *t»LT, *x K i c 

[0 2 6 0] -^CDffeCDxVK 7.4, 5, 6, 7 • ♦ • tt 
l-©«Mt+-7"07^ (EKB) ^SfflLT^i^" 

LTB*r*ftfc/-K*-K (t) 0 0tWir«Z& 

[026 1] —15. 04 8<D0J«\ 0 1 2<*>£|6#T'H 

*H.*>%. 7/W20, 1, 2, UlttLTCD 
*Om*mt*1ttMt*-7ay* (EKB) ££fiELT 
E«Lfcffil?S*. 04 8 lc^-r*»f b*-^Pv^ 

(EKB) fivflfiWr- (Kiev) €/- 
K*- (K (t) 0 0) TBS^bLfcx-f En c (K 

(t) 0 0, Kiev) ^Effi-T^o 

[0 2 6 2] 04 8©effliJ(Ctix fre#ff$CTLT$ 
3„ 7/W7 0, 1, 2tts £3% B«Lfe*«HMr- 
7ny^6S aofiftrf * 'J - 7 *- S - K* 

-*fflL"fc«*fl31lC«fey. (K (t) 

0 0) ^SX?#-T5 0 K (t) 0 0lc«J:^«^tcJ: 

v*xv*wau$*-K i c v*uif»r*. 

[0 2 6 3] 01 2lC^fffe<Z>yvU-7<Z>-rM''r3.4 ( 

5, 6- • crorattia)^-^ (ekb) ^§ftu 

fflUTJ*fr/-K+- (K (t) 0 0) 

tf7»ftt\ 'J ^-^^tlfcx/^X 3 iCfc^T 

/— K+— (K (t) 0 0) ^KWf^Citfrtrs 

LTfWT * C <b ft^Sgi: ft 5 0 
[0 2 6 4] EKB^i&JJBLfc^xy^MI 

•3ft^lciEaii!pJ#<0*3B««#RniB4; Lfc*x* 

^*-^Efir5 c i^^tgcift^o 

[0 2 6 5] rcDcfc-5ft^-f -tr>XC0<'>5 1 ^ l J5 1 'r • 
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*xy*ffi (ICV) *ffl^*CttC«fcy» EKBiPf 

^1kv-r-tr>XCD^FIE=i bf-*SH*T*c 
flJ*.tfEI4 9 Alc^fcfcdlc, 5^-tr>XL 1 t-7-f-tr 
VXL 2 £**n*n©?-f -tevx=ir-«MMriBft* 
SMt*-7nv? (EKB) <fc£fctc*&WLfc*7V7' 
1 tf&lK C+l^ ; 5-CDSSp<xV7 7 2luntf-Lfti)l^ 
EKBiBf^b5'r-tr>x<7)=]tf-linj«g 
t-s y > :mekb fc^pjtgft^/ ^xwwt 

SSCtlCft*. 
[0266] 049B iC^rffilTtts 5V T^CIES 

^x^g (icv (li. L2) ) ztm-tzmtizt 

66, (ICV (L1, L2) ) It 7«ft>7 

3 : 7'r-tevxco<v7 i ?'y7 i -r • *x i c 

V = h a s h (Kiev, L1, L 2) 1km 

>X1 t5-f-feVX2fl«ttttStu 7-<-tr>XL 1 £^ 
<-fe>XL2»C»^T4m*tlfc-f Vr^Jf-f • 
xy*ffl (ICV (L 1 , L 2) ) flMMfttftl*. $ 
/c> ^x-r 7 7 2lcliiEaic5f -b>X1 *MftW*tu 5 

-f-tvxL 1 ics^T^^nfc-Ox^yx-r • ? 
XV ?m (i cv (li) ) w«rt*n*. 

[0 2 6 7] Cfl>«WJ|CS^T» ^f-f71 iCjftMStl 
fc {EKB, 5-f-t>X2} 7*21;: 3 If- L ft 

lcaj«-rat» ICV (L1, L2) &&&2tlZZ£ 
lefty* p<7 1 V7'2lC^^txT^SK i cv (L1) 
tS^Uv ^*VX©ail**l/>tt*IEft3e-lEJ: 
Sfcrfcft 7 -r -tr VX©tttt#§IS*;h.fc d <i: 6 6HC 

ft*. yxV^^s^-r^x/^xtufc^T^ lixf 

•y^Oia^yy^lc I CV^i'y<7^||^LTs £j$ I 

cvtuii cv©-»*w»ju -4iLisim 
^**tTLft^*fi8fr*ctfc«fcy, ^iE=itf-© 

[0 2 6 8] Tre.tC ££1£«ffitt«fei6s 

-tVXtDfVT^'JT 1 ^ • fiy>f (ICV) SS* 

****>***afc7*-*ic»:Ju*T£j»T**/8£ 

LTt<tl\ fftto^ I CV = h a s h (Kiev, c 
ounter + 1, LI. L2, •••) K<£oTftff 
TZmtfLtrZo ^^V* (counter + 

D tis i c v©»*MS7tciici o-f >*yy>h* 
ft*«£ LTHjer*. ftfc\ *'7>*fiiiHz*j.7 7 ft 

[0 2 6 9] 3-e.lCs 5'T-fe>X©'rV7 1 '9 , U7 1 'r • 
xy*« (I CV) *5<f-fc>*£ra— /TV^fcttlA 
-r^ci^T'5-fti^^cfc^TWs ^f-fe>x©-i'> 
fyjf^ -fi^l (icv) t^-f-bvxtttsj 
©*7V7\tic^T**j«£L.T*ij:i\. 

[0 2 7 0] fly*!*, K^^*ffl^X'T7 7 '¥>a^©M 



0«©q tr-B5±«©t5tiT^ft^^ x-f 7(c-7-f -tr 

*x-y7fif (ICV) I CV(Df?Mtf 

3FiEfta-*ftcJ:yft*ti«pIIB1tfi 5 *y» i cvrog 
^^Tft^*3*ft#»*. £CD«ft»^ 
->>±CD^ftP<7 : V7'tC I CV*«M*LT, 7-f-fe> 
Xtf>Pkf— hP-/l/ (CT^.«'check-in/check-outv 
move) tc I C V&tem?2>mf$,£t2>Z.£lC£V. I C 
V©££ft ! g3fcJ:tf7-<-fc>7 t ©&fi? 1 x y ^tfnJtg 
ift*„ 

[027 1] CeotlfigflJ^EI 5 0 (C^-To El 5 0 T*im 
9 4 Z-^ii^©M OH ©P t-RSlkWOt 
StlTVftl/** 7**7*2 2 0 1 K7-r-fe>7.1 TbS^* 

T^yTr-f •fi7*« (i cv) zL—tf^saic 
T^HzxTszirosfRT^nfti^x r-^->>±<£>££ 

ftp<7 r 'f7 7 2 2 0 2lCttMU a— tflC«fc«^iEfi:-fV 
x^Jf-f '^x-y^ffi (I CV) CD*^£*.£RfiltL 
fcffil?**. C©«fc3ft«W84:l,T* 7*-r 7* 2 

2 0 1 ^SL/cx/\VX6\ ^f^722 0 1 ©SS 

js&-rni& ^FiEftatf-5-<-b>x«*tHi^s^'r 

[0 2 7 2] *»Wfl ? affl*n*^5-f7 , VH4, 1^*5 
K»*/\°-V7";L'=l>t;a— ?IU.9UC> PDA (Personal Di 
gital Assistants) > »WWBM, 

[0 2 7 3] — 31©»g*V7 r-^XZtCfcyH^-tt 
S«^fC«, f(!5V7h7l7*iit57"Py7A 
Jb\ Hffl©/\- K?x7 7 U:^j&$ttTl^P>t:°x- 

/\°-V7-;l/=l>eiL-*ft<t:lC. h7— **IB»« 
ftfrS-OX I — /b^tl5„ 
[0 2 7 4] E12lC^?n*J:5lC, 

•741 (7Pyer-fX7Stt-) > 7^r<X742 

(CD-ROM (Compact Disk - Readonly Memory), DVD (Dig it 
al Versatile Disk)*£tJ) s MMfVX7 4 3 (M 
D (Mini-Disk) » «b L < ^ 'J 4 4 

ft £ J: y fts/w^-^y 7-ic j; y «ua* n*«i7 

rP^5^sBS?tlT^*R0H2 2-¥>, IB 

[0275] ft as, *im*B»fca3^T> ies«fficiBS 

*n*^P'7^A^fBa!-r*X7 1 'y7'ti, IBU^tifdH 
i t^5'JWt::SQa*nft< it,, M9"J«a5*t>l*ffiiB'Jtc 
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*fT*ft*tta* , fe$tj'fcfl!>?**. 

[0 2 7 6] $/cs **aUx<rlcM>iT*J03**fT 
:7"py5A£*>M-U^X£>l-^'a-/l/<bLT*« 

[0277] $fc. □>7 i > , y^ijffli ! For-r« : 7'fHz> 
►a &35^>x#*gffl£i^T3p>x> , y£'if£ 

T*tiHI?»y» *7<7VH fr65-f-t*>Xg:a?K 

V 5 1 V y I c =l > x > ^ © £> P > x > I c M T Z> 

y X lc <fc o TfiJfflfF Rl^n^ =1 >ycD&ttiS£fa« 

$ sttis p > x > f onm itimr z 5 f 
«= sctf* ro^ -f -tr > x tfspjffl sit pj-r 3 □ > x > y «» 

j£r*1MrP*y* 5*f -te>X I Dte5--r-t:>X£--j£ 
lc*a]*-*flBB£ft*. d<7)<i:-5lcL«:Ji^c^ —2 

[0 2 7 8] *B^»*lCfc^Tv ->XxA<tte> 

[0 2 7 9] 

r>'7?^ 7-r-trvx+j— /\\ tttfK^n^^ictn 

8g&^'T*>X£l>l»T*C<b^P>x>\J'£fi|fl!TS 

[Hsrofsm&iHtE] 

[HI] *«91*afflLfc3Vx>ySWt->;ixlUD« 
fiL^TTit 7'p y ^HT&So 
[02] Hi <V?7*7> bMnf&&7rsT7'nv <?m? 

[H3] HI <D^5'Ty 7 >KD3>x> 4 y©^ , >>P- 
KSBS*SWB-r«7P-x-V- hTS*. 
[H4] 01 ©a>fV7^-A©3VxV7Mil!H 

[H5] 2 6lCjStfZ7*-W h<£> 

WI^-THTJ&So 

[H6] hi ro-77-<7 7 > HDPVxvys^MSfciH 



[H7] H6(7)Xx>V^S4 3(D ; 7'r-tr>XIX?#5QS0 
[H8] 5^>X<Dt8J#&/T;-rHT£3o 

[H9] hi (D^f-trvx+T— /^o^-f-fe>xaet©a 

[HI 0] 06«)X7 : 77'S4 5K*iW*^-f-fe>XK 
*r*01<O#«*lJMI3-r 5 7 P - x + - h T»* 5» 

[HI 1] H 1 •bVX'T"— /^CD^-T -tzVXSfffSQ! 

l*BWr«7P-ft- hT-«5o 

[HI 2] *-©llMl*«i!l»-*H"P**. 

[H1 3] *xJUy-K*Wflir*HT»*. 

[HI 4] /-Ktx/^-fXflDatfJSOJIflsffllt^iaT 

[hi 5] GMt*-zrnv<7<Dmm*mwTz>mT*& 
[hi 6] *«rfb*-^py^©niffl*Kwr*ia"p» 

[Hi 7] SSMb*-7 f P , yy«)X*--7'> 
-THTS^o 

[Hi 8] *m:*--7av9<i>*<r<i>im*miT* 

H?S3o 

[H1 9] ONKSffl^fcPVxVyOffl^SQS^K^-r 

[H2 0] t«rfb*-^n'y^©ffil*^t 

[H2 1 ] *8W)p:/xVy©1 -oaiTlWM&tt* 

[H2 2] 7-f-feVX<0*xdfU*|JiWr5HT*«o 
[H2 3] ^5'f7'>K0U'yt:>y«S*WW*-*7 
P-f + -ht'S5o 
[H2 4] **-*--7-*©**a*iWJIrt-3H-p* 

[H2 5] 3>r>7C7*-7y hff)M/ft0T* 

[H2 6] iiBBaaEW^ffil^^-rHT'S^o 
[12 7] 3>T>'y©Ift*B!WT3ET»«. 
[12 8] <75-<7 7 > h<73P>7 1 > , y©xi , v5'7 7 '7 h 

$ra*BMi!T*:7a-x+- h - ?**. 

[H2 9] *7lc«fc**»<b*-7Py **fc£*0J* 

[H3 0] 1i3iMb*-5 r Py^fl)««ffil*m-rH-p* 

[H3 1 ] ?-7C5llfiE^t30T'$5. 
[13 2] ?5-<7 7 Vh<7)^-<-b>Xg^SSy$aiI£!H 
S|t*7P-f + - ht*S5. 

[H3 3] 5-r-b>x-t-/<(D : 7'r-b>xs^isys£ia 

[13 4] 7-*©*j*1M*jj*TB?»*. 
[13 5] ^^-T7 T > h<DKE9J*a>aft4QJI«lffllir« 
7D-ft- 
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[03 6] □Vx>V-9--/toEB»HWJra«JMfJT 
[13 8] ^U-trvytffffcftTfSJidKfiltaa 

So 

[04 0] ^u-yics-rs^^'TT'vhwjtti^iKB^ 
[04 1] mo^^^Ty^^^-^y^^^^^T 

[04 2] fte^-j'^-rzv (-A^e^'T-trvxro^x-y^ 
7"7 y-*mtz*5'fT> h©*os*i)Hiir*7n-* 

■V— hT'fe^o 

[04 3] 5-f-feVX©^iy^7"Jh*Sl*fc*5'r 
[04 4] ffiOD^^'T T'V hfre^-f-fcVXOT^iy? 

•< v*58tt 5 -7 5 -r t 7 y h ©assittw*- % y n - * * 



[04 5] fd3<D->"7-<7 , > hlC^-f-feVXfc^x 

[04 6] MACOSfi8*KWr*HT»*. 

[04 7] ICVSfi8=lr-©«#«!a*lttWr*7n-^ 

[04 8] icvflfeja*-©fao«*«»«ittwr*iaT 

[04 9] imccfc^^-<-t?>X(7)=it: o -cDe^Si0^ 

[05 0] 5^f-tvx©«i*Kwr*H-pa5*. 

1-1, 1-2 ^-TT'VK 

k 3 3>r>7^-/\; 

m\ s 2 0 

2 4 Bi^ba^gB, 2 5 
AftSP, 2 7 lll*ffl, 2 8 
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/ \ J 
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Y«il 



S44 



Ye;; | ' 
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S45 
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S135 
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EKB 



Enc(KR,Kc) 



Cert 



gjgOjeader) 



Enc(Kc .Content) 



Meta data 



Mark 



CID 
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URL 



WM 
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13 1] 



H31 



mi 3] 



11 5] 
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8 
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/\—Vb> (Version) :t 
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mto1£*c--JU ^(EKB:Enabling Key Block) 
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0010 
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